The Pwn2Own Berlin 2026 competition demonstrated 47 zero-day exploits across a wide range of enterprise technologies, including Microsoft Exchange, Windows 11, Microsoft Edge, Red Hat Enterprise Linux, VMware ESXi, and AI coding agents, using methods such as bug chaining for sandbox escape and remote code execution. The article does not provide specific CVE identifiers, CVSS scores, or detailed version ranges for the affected products. All discovered vulnerabilities are reported to vendors through the Zero Day Initiative, which provides a 90-day disclosure window before public release.
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026 By Sergiu Gatlan May 18, 2026 01:33 AM 0 The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. The competition took place at the OffensiveCon conference from May 14 to May 16 and focused on enterprise technologies and artificial intelligence. Throughout the contest, the hackers targeted fully patched products across web browsers, enterprise applications, local privilege escalation, servers, local inference, cloud-native/container environments, virtualization, and LLM categories. Competitors collected $523,000 in cash awards on the first day for 24 unique zero-days, and another $385,750 on the second day for exploiting 15 zero-days. On the third day of Pwn2Own, they earned another $389,500 for eight more zero-days. DEVCORE won this year's edition of Pwn2Own Berlin with 50.5 Master of Pwn points and $505,000 in rewards throughout the three-day contest after hacking Microsoft SharePoint, Microsoft Exchange, Microsoft Edge, and Windows 11, followed by STARLabs SG with $242,500 (25 points) and Out Of Bounds with $95,750 (12.75 points). Pwn2Own Berlin 2026 leaderboard The competition's highest reward was $200,000, awarded to Cheng-Da Tsai (also known as Orange Tsai) of the DEVCORE Research Team after chaining three bugs to gain remote code execution with SYSTEM privileges on Microsoft Exchange. On the first day , Orange Tsai earned another $175,000 for a Microsoft Edge sandbox escape chaining 4 logic bugs, Windows 11 was hacked 3 times, and Valentina Palmiotti (chompie) of IBM X-Force Offensive Research collected $70,000 for rooting Red Hat Linux for Workstations and an NVIDIA Container Toolkit zero-day. On the second day , the hackers demonstrated another Windows 11 local privilege escalation vulnerability, a root-privilege escalation vulnerability in Red Hat Enterprise Linux for Workstations, and zero-days in multiple AI coding agents. On the third and final day of the contest, the competitors hacked Windows 11 and Red Hat Enterprise Linux for Workstations again, and used a memory corruption bug to exploit VMware ESXi. After Pwn2Own ends, vendors have 90 days to release security patches before TrendMicro's Zero Day Initiative (ZDI) publicly discloses them. During last year's Pwn2Own Berlin contest , won by the STAR Labs SG team, ZDI awarded 1,078,750 for 29 zero-day flaws and some bug collisions. The Validation Gap: Automated Pentesting Answers One Question. You Need Six. Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold. This guide covers the 6 surfaces you actually need to validate. Download Now Related Articles: Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026 Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own Microsoft warns of Exchange zero-day flaw exploited in attacks Google: Hackers used AI to develop zero-day exploit for web admin tool Microsoft now lets admins uninstall Copilot on enterprise devices