Pwn2Own Berlin 2026: Windows 11, Microsoft Exchange Hacks

Key Takeaway

– Total prizes exceed $908,000 for 39 zero-days across Windows 11, Exchange, Edge, RHEL, Nvidia infrastructure, and AI platforms, with Day 3 results pending.
– Orange Tsai (DEVCORE) was the standout, earning $175,000 on Day 1 for four Edge sandbox-escape bugs and $200,000 on Day 2 for a fully patched Exchange Server RCE (highest so far).
– Windows 11 was breached across multiple days, with AI-related targets (Cursor AI, OpenAI Codex, etc.) also heavily featured.
– Event hit capacity for the first time in its 19-year history, with over 150 researchers turned away; vendors get 90 days to patch disclosed flaws.

Pwn2Own Berlin 2026 is wrapping up today at the OffensiveCon conference, and across the two confirmed days the numbers are significant. Researchers have collected over $908,000 in prizes after demonstrating 39 unique zero-day vulnerabilities across Windows 11, Microsoft Exchange, Microsoft Edge, Red Hat Enterprise Linux, Nvidia infrastructure, and a string of AI platforms. Day 3 results are still to come.

Overview

Day 1 paid out $523,000 across 24 zero-days. The standout was Orange Tsai of the DEVCORE Research Team, who chained four logic bugs to escape the Microsoft Edge sandbox and earned $175,000 in a single demonstration. Windows 11 was hacked three separate times by three independent researchers, each earning $30,000 for a local privilege escalation zero-day. Valentina Palmiotti of IBM X-Force collected $70,000 across two separate exploits, one targeting the NVIDIA Container Toolkit and one targeting Red Hat Enterprise Linux. The AI category was equally active: LiteLLM, OpenAI Codex, NVIDIA Megatron Bridge, Chroma, and LM Studio all fell on Day 1.

Day totals and exploits

Day 2 paid out $385,750 across 15 zero-days. Orange Tsai appeared again, this time chaining three bugs to gain remote code execution with SYSTEM privileges on a fully patched Microsoft Exchange Server, the single highest-earning exploit of the competition so far at $200,000. Windows 11 was hacked again on Day 2, as was the Cursor AI coding agent. OpenAI Codex was also targeted for a second time, by a different researcher.

Attendance and patch policy

The event hit capacity for the first time in its 19-year history, with over 150 researchers turned away due to scheduling limits, and some chose to drop zero-days publicly rather than wait for next year.

All vendors have 90 days from disclosure to patch the flaws demonstrated at Pwn2Own; after that window the Zero Day Initiative publishes details of the bug whether or not a fix has shipped. This rule applies regardless of the vendor's size or how critical the bug might be, and organizers warn that delayed patches could leave users exposed during the post-disclosure window. For defenders, the practical consequence is that every product named above should be expected to receive security updates within the next quarter, and that the corresponding advisories are the signal to prioritize those updates. The event showcases the accelerating pace of security research, while also reminding vendors to keep patch processes tight, tested, and transparent, so the next Berlin edition builds on lessons learned this year.

Comments

2 responses to “Pwn2Own Berlin 2026: Windows 11, Microsoft Exchange Hacks”

  1. บาคาร่า ออนไลน์

    What's up to all, how is everything, I think every one is getting more from this website, and your views are good in favor of new people.

  2. ufabet

    Hi, I am so grateful I found your website, I really found you by mistake, while I was researching on Digg for something else. Nonetheless I am here now and would just like to say thank you for a tremendous post and an all-round thrilling blog (I also love the theme/design). I don't have time to read through it all at the moment but I have bookmarked it and also added your RSS feeds, so when I have time I will be back to read more. Please do keep up the great job.
