A significant security vulnerability in FIFA’s internal systems during the 2026 World Cup has been uncovered, potentially allowing unauthorized individuals to manipulate live television broadcasts of the matches. This flaw was identified by a security researcher known as BobDaHacker, who detailed the issue in a recent blog post.
The researcher discovered that by registering as a player agent on FIFA’s official platform—a process that lacked proper verification—she could exploit a back-end API flaw. This oversight permitted access to several internal FIFA platforms without appropriate authorization checks. Notably, this included the system responsible for controlling global TV broadcasts and commentators’ feeds during live matches.
Highlighting the severity of the issue, the researcher noted that a single attacker could have simultaneously hijacked every camera feed, potentially disrupting the entire World Cup broadcast. She reported the vulnerability to FIFA, which addressed and resolved the issue within a few hours. However, FIFA has not publicly acknowledged the report or provided further comments on the matter.
This incident underscores the critical importance of robust cybersecurity measures in large-scale international events. The potential for unauthorized access to broadcast systems not only threatens the integrity of the event but also poses significant risks to stakeholders and audiences worldwide. Organizations must prioritize comprehensive security protocols and regular audits to prevent such vulnerabilities from being exploited in the future.
