FIFA patches access flaw that could hijack 2026 World Cup broadcasts
Security researcher BobDaHacker discovered a vulnerability in FIFA’s internal systems that gave access to the platform used to manage live World Cup 2026 broadcasts. By registering through FIFA’s public portal for football agents, the researcher obtained an account that bypassed server‑side permission checks, exposing camera feeds, stream‑keys and controls for starting, stopping and scheduling streams. The researcher warned that “a single attacker could hijack every camera simultaneously” and could potentially replace official footage with arbitrary video.
FIFA addressed the flaw within hours after being alerted, fixing the authorization issue that allowed any authenticated account to retrieve privileged data. There is no evidence that the vulnerability was exploited before the patch, and FIFA has not issued a public statement about the incident.