Competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities during day two of Pwn2Own Berlin 2026.
Pwn2Own Berlin 2026 at OffensiveCon: scope and rules
Pwn2Own Berlin 2026 is running at the OffensiveCon conference from May 14 to May 16 and is focused on enterprise technologies and artificial intelligence. The contest lets security researchers earn upward of $1,000,000 in cash and prizes by hacking fully patched products across multiple categories: web browsers, enterprise applications, cloud-native/container environments, virtualization, local privilege escalation, servers, local inference, and large language models (LLMs).
According to the contest rules cited by the organizers, all targeted devices run the latest operating system versions, every entry must compromise the target and demonstrate arbitrary code execution, and affected vendors receive 90 days to issue fixes after the zero-days are disclosed at Pwn2Own.
Day two highlights: Microsoft Exchange, Windows 11, Red Hat Enterprise Linux
The most lucrative single demonstration on day two came from Cheng-Da Tsai (also known as Orange Tsai) of DEVCORE Research Team, who earned $200,000 by chaining three bugs to achieve remote code execution with SYSTEM privileges on Microsoft Exchange. Other successful day-two demonstrations included a $7,500 award to Siyeon Wi for exploiting an integer overflow in Windows 11, and a $10,000 prize to Ben Koo of Team DDOS for escalating privileges to root on Red Hat Enterprise Linux for Workstations.
Researchers 0xDACA and Noam Trobishi used a use-after-free defect to exploit the NVIDIA Container Toolkit during day two, adding to the list of container and virtualization-related findings at the event. In total, competitors reported and demonstrated 15 unique zero-day vulnerabilities across the day-two challenges.
AI and coding-agent exploits: Cursor and OpenAI Codex
The contest’s AI category produced several high-value demonstrations. Le Duc Anh Vu of Viettel Cyber Security earned $30,000 for a hack against the Cursor AI coding agent. Sina Kheirkhah of Summoning Team demonstrated a zero-day in OpenAI Codex for $20,000, and Compass Security successfully exploited Cursor for $15,000. These awards underline the event’s explicit focus on AI tools alongside traditional enterprise targets.
How Microsoft, Red Hat, NVIDIA, and AI tool operators are implicated
Microsoft, Red Hat, NVIDIA, and operators of AI coding agents are the specific vendors and projects named in day-two disclosures. Under Pwn2Own’s rules, each of these vendors will have a 90-day window in which to issue patches after the contest’s coordinated disclosure. The scope of affected products named during the event includes Microsoft Exchange and Windows 11, Red Hat Enterprise Linux for Workstations, the NVIDIA Container Toolkit, Cursor AI, and OpenAI Codex.
What this means for technologists, vendors, and enterprises
- Technologists and security teams: expect coordinated disclosure timelines — the contest’s 90-day vendor patch window will set the schedule for fixes and mitigations for Windows 11, Microsoft Exchange, Red Hat Enterprise Linux for Workstations, and affected AI agents named during day two.
- Vendors and product owners: demonstrated exploit chains — such as the three-bug chain used against Microsoft Exchange by Cheng-Da Tsai — will require root-cause analysis and patching work across multiple components to prevent similar privilege escalations or remote code execution.
- Enterprises and procurement leaders: the list of exploited targets — including servers, endpoint OSes, container tooling, and AI coding agents — highlights the range of assets that may need prioritization for patching once vendor fixes are released.
Context from day one, last year, and what’s next
Day one of Pwn2Own Berlin saw additional high-dollar wins. Orange Tsai earned $175,000 for chaining four logic bugs to escape the Microsoft Edge sandbox. Valentina Palmiotti (chompie) of IBM X-Force Offensive Research collected $20,000 for rooting Red Hat Linux for Workstations and $50,000 for an NVIDIA Container Toolkit zero-day. Windows 11 was hacked three separate times on day one by Angelboy and TwinkleStar03 (working with the DEVCORE Internship Program), Kentaro Kawane of GMO Cybersecurity, and Marcin Wiązowski, each receiving $30,000 for new privilege-escalation zero-days.
For historical comparison, according to the contest materials, Trend Micro’s Zero Day Initiative awarded $1,078,750 for 29 zero-day flaws (and some bug collisions) during last year’s Pwn2Own Berlin contest.
On day three, competitors will turn toward Microsoft Windows 11, VMware ESXi, Red Hat Enterprise Linux, Microsoft SharePoint, and several AI coding agents — continuing the event’s blend of server, desktop, virtualization, container, and AI targets.
Read the original Bleeping Computer report on day two of Pwn2Own Berlin 2026 here: https://www.bleepingcomputer.com/news/security/pwn2own-day-two-hackers-demo-microsoft-exchange-windows-11-red-had-enterprise-linux-zero-days/




