Security researchers walked away with $1,298,250 after exploiting 47 zero-day flaws at Pwn2Own Berlin 2026, the three-day competition held at OffensiveCon from May 14 to May 16.
A three‑day tally: 47 zero‑days, $523,000, $385,750, $389,500
Across the contest's three days, competitors disclosed and exploited 47 unique zero-day vulnerabilities in a range of enterprise and AI-facing products. On day one researchers collected $523,000 for 24 unique zero-days; day two brought $385,750 for 15 zero-days; and the third day produced $389,500 for eight more exploits. The competition concentrated on fully patched products in categories that included web browsers, enterprise applications, local privilege escalation, servers, local inference, cloud-native/container environments, virtualization, and LLMs.
DEVCORE and the top prizes: Cheng‑Da Tsai’s $200,000 Exchange chain
DEVCORE won Pwn2Own Berlin 2026 with 50.5 Master of Pwn points and $505,000 in total rewards, after successful demonstrations against Microsoft SharePoint, Microsoft Exchange, Microsoft Edge, and Windows 11. The contest’s largest single award—$200,000—went to Cheng‑Da Tsai (also known as Orange Tsai) of the DEVCORE Research Team for chaining three bugs to achieve remote code execution with SYSTEM privileges on Microsoft Exchange.
Orange Tsai also earned $175,000 for a Microsoft Edge sandbox escape that chained four logic bugs. Other noted payouts included Valentina Palmiotti (chompie) of IBM X‑Force Offensive Research, who collected $70,000 for rooting Red Hat Linux for Workstations and for a zero-day in the NVIDIA Container Toolkit.
Other teams on the leaderboard included STARLabs SG, which took $242,500 and 25 points, and Out Of Bounds, which earned $95,750 and 12.75 points.
Targets and techniques: Exchange, Edge, Windows 11, Red Hat, VMware ESXi, and AI agents
Participants repeatedly demonstrated exploits against mainstream enterprise targets. Windows 11 was compromised multiple times during the event, including three successful hacks on the first day. Red Hat Enterprise Linux for Workstations was rooted more than once: researchers demonstrated a root-privilege escalation vulnerability on day two and again on day three.
On the final day competitors used a memory corruption bug to exploit VMware ESXi. The second day also featured zero-days in multiple AI coding agents. The contest therefore highlighted both traditional server and OS privilege-escalation techniques and newer attack surfaces tied to container tooling, AI coding agents, local inference, and cloud-native environments.
Pwn2Own Berlin’s operating rules and disclosure timeline: 90 days to patch
The contest took place as part of OffensiveCon and followed the disclosure practices tied to TrendMicro's Zero Day Initiative (ZDI). After Pwn2Own ends, vendors receive a 90-day window to release security patches; if vendors do not patch within that period, ZDI will publicly disclose the vulnerabilities. Organizers focused entries on fully patched products and rewarded chains substantial cash awards when researchers demonstrated code execution or privilege escalation under contest rules.
What this means for technologists, vendors, and enterprises
- Technologists and security teams: Expect high-priority fixes for Microsoft Exchange, Microsoft Edge, Windows 11, Red Hat Enterprise Linux for Workstations, VMware ESXi, NVIDIA Container Toolkit, and AI coding agents to arrive within the 90-day disclosure window. Teams should track vendor advisories tied to Pwn2Own disclosures and prioritize patches addressing remote code execution and local privilege escalation demonstrated during the event.
- Vendors and product owners: The presence of chained exploits and sandbox escapes that earned six-figure rewards underscores the practical risk of multi-bug attack chains. Vendors have the 90-day remediation window noted by ZDI and will face public disclosure if fixes are not produced in that timeframe.
- Enterprises and procurement leaders: The contest’s emphasis on enterprise and AI-focused categories signals that both longstanding infrastructure (mail servers, OSes, hypervisors) and newer AI and container stacks are high-value targets. Patch planning and validation should explicitly account for vendor timelines and the kinds of privilege-escalation and sandbox-escape techniques showcased in Berlin.
For historical perspective, last year’s Pwn2Own Berlin—won by the STAR Labs SG team—saw ZDI award $1,078,750 for 29 zero-day flaws and some bug collisions, a reminder that both the number of flaws and the aggregate payouts can fluctuate substantially from year to year.




