logo

Bug in FIFA World Cup internal system gave anyone ability to modify TV stream

ID: 1880ca10-819c-5607-8fce-a46c6ceb97df

STIX ID: report--1880ca10-819c-5607-8fce-a46c6ceb97df

Feed Name: TechCrunch Security News

Threat Score
70/100

Date Published: 2026-06-16

Date Updated: 2026-06-17

Author: Lorenzo Franceschi-Bicchierai

...
...

A researcher discovered a missing authorization check in FIFA’s agent registration backend API that allowed her, after registering as a player agent, to access internal platforms controlling broadcasters' TV streams and commentators' displays—potentially allowing an attacker to hijack live World Cup camera feeds. The flaw was reported and patched by FIFA within hours; there is no reported evidence of malicious use.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.