Pwn2Own Berlin 2026: 47 Zero-Days Net Hackers $1.3 Million

Huma Shazia | 18 May 2026 at 11:33 am | 5 min read

Key Takeaways

Source: BleepingComputer
  • 47 zero-day vulnerabilities were exploited across enterprise and AI products over three days
  • DEVCORE won $505,000 after hacking SharePoint, Exchange, Edge, and Windows 11
  • Vendors have 90 days to release patches before the Zero Day Initiative discloses details publicly

The Pwn2Own Berlin 2026 hacking competition ended Saturday with security researchers claiming $1,298,250 in total rewards. Over three days at the OffensiveCon conference, competitors demonstrated 47 unique zero-day vulnerabilities in fully patched enterprise software and AI systems.

DEVCORE, a Taiwan-based security research team, won the competition with 50.5 Master of Pwn points and $505,000 in prize money. The team successfully exploited Microsoft SharePoint, Microsoft Exchange, Microsoft Edge, and Windows 11. STARLabs SG finished second with $242,500 and 25 points, while Out Of Bounds took third with $95,750 and 12.75 points.

$1,298,250
Total bounties paid for 47 zero-day vulnerabilities at Pwn2Own Berlin 2026

The $200,000 Exchange Chain

The contest's single highest payout went to Cheng-Da Tsai, known in the security community as Orange Tsai, from the DEVCORE Research Team. He earned $200,000 for chaining three bugs together to achieve remote code execution with SYSTEM privileges on Microsoft Exchange.

This was not Orange Tsai's only win. On day one, he collected an additional $175,000 for demonstrating a Microsoft Edge sandbox escape that chained four logic bugs together. His combined earnings exceeded $375,000 for two exploit chains.

[Figure: Final Pwn2Own Berlin 2026 leaderboard showing DEVCORE in first place]

Day-by-Day Breakdown

The competition ran May 14-16, targeting web browsers, enterprise applications, servers, virtualization platforms, containers, and large language model systems. Researchers attacked fully patched products across all categories.

Day one saw the highest activity, with 24 unique zero-days earning researchers $523,000. Windows 11 fell three times to different teams. Valentina Palmiotti from IBM X-Force Offensive Research collected $70,000 for exploiting Red Hat Enterprise Linux for Workstations and an NVIDIA Container Toolkit zero-day.

Day two brought 15 zero-days and $385,750 in payouts. Hackers demonstrated another Windows 11 local privilege escalation vulnerability, a root-privilege escalation in Red Hat Enterprise Linux for Workstations, and multiple zero-days in AI coding agents.

The final day yielded eight more zero-days worth $389,500. Competitors hacked Windows 11 and Red Hat Enterprise Linux for Workstations again. One team used a memory corruption bug to compromise VMware ESXi.

What Happens After Pwn2Own

Trend Micro's Zero Day Initiative (ZDI), which organizes Pwn2Own, follows a 90-day disclosure timeline. Vendors whose products were exploited receive full details of the vulnerabilities and have three months to release patches. After that window closes, ZDI publishes technical details publicly.

This year's haul exceeded last year's Pwn2Own Berlin, where ZDI awarded $1,078,750 for 29 zero-days. STARLabs SG won that 2025 competition but dropped to second place this year as DEVCORE dominated the leaderboard.

Products Targeted This Year

  • Microsoft Exchange: Remote code execution with SYSTEM privileges
  • Microsoft Edge: Sandbox escape via logic bug chain
  • Windows 11: Multiple local privilege escalation vulnerabilities
  • Microsoft SharePoint: Zero-day exploitation
  • Red Hat Enterprise Linux for Workstations: Root privilege escalation
  • NVIDIA Container Toolkit: Container escape vulnerability
  • VMware ESXi: Memory corruption exploitation
  • AI coding agents: Multiple zero-days in local inference category

The AI category is new to Pwn2Own. This year's contest added large language model and local inference targets, reflecting enterprise adoption of AI tools. Multiple AI coding agents were successfully exploited on day two, though ZDI has not disclosed which specific products were affected.

Logicity's Take

Why This Matters for Enterprise Security

Windows 11 was hacked at least five times across the three days. Red Hat Enterprise Linux fell multiple times. Microsoft Exchange, SharePoint, and Edge all had exploitable vulnerabilities in their fully patched versions.

Security teams should expect patches for these products in the coming weeks. Microsoft, Red Hat, NVIDIA, and VMware will receive detailed vulnerability reports from ZDI. The 90-day clock starts now.

For organizations running affected products, the immediate action is to monitor vendor security advisories. The specific technical details won't be public for three months, but patches will arrive sooner.

Frequently Asked Questions

When will patches be available for Pwn2Own Berlin 2026 vulnerabilities?

Vendors have 90 days from the competition end date (May 16, 2026) to release patches before ZDI publicly discloses details. Most major vendors release patches within weeks of receiving reports.

Who won Pwn2Own Berlin 2026?

DEVCORE won with 50.5 Master of Pwn points and $505,000 in prizes after exploiting Microsoft SharePoint, Exchange, Edge, and Windows 11.

What was the highest single bounty at Pwn2Own Berlin 2026?

Orange Tsai earned $200,000 for chaining three bugs to achieve remote code execution with SYSTEM privileges on Microsoft Exchange.

Were any AI products hacked at Pwn2Own Berlin 2026?

Yes. Multiple AI coding agents in the local inference category were exploited on day two. ZDI has not disclosed which specific products were affected.

How does Pwn2Own Berlin 2026 compare to last year?

This year saw more vulnerabilities discovered (47 vs 29) and higher total payouts ($1,298,250 vs $1,078,750). STARLabs SG won in 2025 but dropped to second place this year.

Huma Shazia

Senior AI & Tech Writer
