Yesterday, reports emerged that kernel.org had deleted all hosted kernel files. Every archived and current kernel package became inaccessible. Affected paths returned HTTP 404 or HTTP 403 errors.
Because kernel.org operates alongside multiple downstream mirror sites, the damage spread quickly. When the primary server removed its data, those mirrors synchronized automatically. As a result, downstream sites deleted their own copies of every kernel package and source archive.
Linux Foundation Confirms a Configuration Error
The Linux Foundation, which operates the affected infrastructure, issued a statement late that evening. Officials confirmed that a configuration error triggered the outage. Specifically, the error occurred while engineers were adding a new primary mirror to the network.
That misconfiguration temporarily blocked access to the kernel archive files on the mirror servers. The Foundation stated that recovery efforts were already underway. You can follow live updates on the Linux Foundation status page.
Full Archive Still Unavailable at Time of Writing
At the time of writing, the complete archive had not yet been restored. The volume of data involved is substantial. Recovery is therefore expected to take considerable time.
Recent Kernel Files Are Already Downloadable Again
However, recently released kernel files are already available for download. For most developers, grabbing the latest kernel or source code for manual compilation should now be straightforward.
Older archived files will require additional time to recover. Downstream mirror synchronization is also expected to take longer to complete.
Official Incident Timeline
14:21 UTC July 2, 2026
A configuration error arose during the addition of a new primary mirror. That error temporarily disrupted access to kernel archive files on the mirror servers.
- Eastern Daylight Time: 10:21 EDT (July 2)
- Pacific Daylight Time: 07:21 PDT (July 2)
17:26 UTC July 2, 2026
The recovery process was still ongoing. The Foundation thanked users for their continued patience.
- Eastern Daylight Time: 13:26 EDT (July 2)
- Pacific Daylight Time: 10:26 PDT (July 2)
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.