Pwn2Own Berlin Zero-Days Hit Edge, Windows 11, and AI Platforms
Researchers at Pwn2Own Berlin 2026 earned $523,000 on the first day after demonstrating 24 unique zero-day vulnerabilities against fully patched targets spanning browsers, operating systems, AI platforms, and NVIDIA-related infrastructure. The standout exploit came from Orange Tsai of DEVCORE Research Team, who chained four logic bugs to escape the Microsoft Edge sandbox and collected $175,000. Windows 11 was also successfully compromised three times through separate local privilege-escalation zero-days, underscoring continued risk in core desktop platforms.
Other successful demonstrations targeted Red Hat Linux for Workstations, NVIDIA Container Toolkit, NVIDIA Megatron Bridge, LiteLLM, Chroma, OpenAI Codex, and LM Studio, showing that enterprise AI tooling was a major attack surface at the event. Some attempts failed, including attacks against Oracle Autonomous AI Database and one OpenAI Codex entry, but AI products still featured prominently, as the competition’s enterprise-and-AI theme drove testing. After day one, the DEVCORE Research Team led the standings with $205,000, and the disclosed bugs now move into the contest’s 90-day vendor remediation window.

How this story unfolded
12 events from the most recent confirmed update back to the earliest known activity.
CISA adds Pwn2Own Exchange bug CVE-2026-42897 to KEV
After Pwn2Own Berlin 2026, the Microsoft Exchange remote code execution flaw CVE-2026-42897 demonstrated by Orange Tsai was reported as exploited in the wild and added to CISA's Known Exploited Vulnerabilities catalog. This marked an escalation from a contest-disclosed zero-day to an actively exploited vulnerability requiring operational response.
Pwn2Own Berlin 2026 ends with 47 zero-days and $1.29 million awarded
At the conclusion of Pwn2Own Berlin 2026, researchers had demonstrated 47 unique zero-day vulnerabilities and earned a total of $1,298,250. DEVCORE finished first with $505,000, followed by STARLabs SG with $242,500 and Out Of Bounds with $95,000, as the contest also recorded seven failed attempts.
STARLabs SG wins $200,000 for VMware ESXi exploit on day three
On the final day of Pwn2Own Berlin 2026, STARLabs SG successfully exploited VMware ESXi and triggered the Cross-tenant Code Execution add-on. The demonstration earned $200,000 and 20 Master of Pwn points, making it the highest-value result reported for day three.
Day three of Pwn2Own Berlin records final successful exploits
On the third and final day of Pwn2Own Berlin 2026, researchers added successful exploits against Red Hat Linux for Workstations and Windows 11. Sina Kheirkhah of Summoning Team earned a reduced award after a collision on one Red Hat bug, while Viettel Cyber Security won with a Windows 11 privilege-escalation exploit.
splitline exploits Microsoft SharePoint on Pwn2Own day three
On the final day of Pwn2Own Berlin 2026, researcher splitline demonstrated a successful two-bug exploit chain against Microsoft SharePoint. The result contributed to DEVCORE securing the Master of Pwn title at the end of the competition.
Orange Tsai lands $200,000 Exchange RCE on Pwn2Own day two
On day two of Pwn2Own Berlin 2026, Orange Tsai of DEVCORE exploited Microsoft Exchange with an attack chain that achieved remote code execution and SYSTEM privileges. The demonstration earned $200,000 and was reported as the highest-value exploit of the competition at that point.
Day two of Pwn2Own Berlin awards $385,750 for 15 zero-days
On the second day of Pwn2Own Berlin 2026, researchers earned $385,750 for 15 zero-day vulnerabilities against fully patched targets including Windows 11, Microsoft Exchange, Red Hat Enterprise Linux for Workstations, Cursor, and LiteLLM. The running competition total reached $908,750 for 39 unique vulnerabilities, while some attempts against Safari and SharePoint failed.
DEVCORE leads Pwn2Own Berlin standings after day one
At the end of the first day, the DEVCORE Research Team led the competition leaderboard with $205,000 in winnings. Valentina Palmiotti was reported in second place with $70,000.
Windows 11 is exploited three times via separate zero-days
Researchers successfully compromised Windows 11 three separate times on day one using distinct local privilege escalation zero-days. The repeated successes highlighted Windows 11 as one of the most impacted targets of the opening day.
Orange Tsai wins top day-one payout with Edge sandbox escape
DEVCORE researcher Orange Tsai delivered the standout day-one exploit by chaining four logic bugs to escape the Microsoft Edge sandbox. The demonstration earned $175,000 and helped put DEVCORE in the lead.
Day one of Pwn2Own Berlin awards $523,000 for 24 zero-days
On the first day of the competition, researchers earned a total of $523,000 for demonstrating 24 unique zero-day vulnerabilities across browsers, operating systems, AI platforms, and NVIDIA-related infrastructure. Successful targets included Microsoft Edge, Windows 11, Red Hat Linux for Workstations, NVIDIA Container Toolkit, NVIDIA Megatron Bridge, LiteLLM, OpenAI Codex, Chroma, and LM Studio.
Pwn2Own Berlin 2026 opens at OffensiveCon
Pwn2Own Berlin 2026 began at OffensiveCon as a three-day competition focused on enterprise and AI targets. The event was scheduled to run from 2026-05-14 through 2026-05-16 under rules requiring exploits against fully patched targets.


