Skip to main content
Emerging Threats

Security Researchers Expose Zero-Days in Windows 11, Microsoft Edge

Security researcher working with laptop and technical instruments in a laboratory setting.

Security researchers collected $523,000 in cash awards after exploiting 24 unique zero-days.

Orange Tsai’s Microsoft Edge sandbox escape: four logic bugs, $175,000

On the first day of Pwn2Own Berlin 2026, the standout entry was Orange Tsai, who was awarded $175,000 after chaining four logic bugs to achieve a sandbox escape on Microsoft Edge. The exploit was notable not only for the size of the award but for the technique: multiple logic flaws chained together to move from renderer-level compromise into an escaped sandbox. The coverage accompanying the event framed the development starkly: "AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming."

Windows 11 targeted and rooted: three separate privilege-escalation demonstrations

Windows 11 was demonstrated to be exploitable three times on day one. Angelboy and TwinkleStar03 (working with the DEVCORE Internship Program), Marcin Wiązowski, and Kentaro Kawane of GMO Cybersecurity each earned $30,000 in cash rewards for demonstrating new local privilege escalation zero-days against Windows 11. Each successful attempt was counted among the 24 unique zero-days exploited across categories such as web browsers, virtualization, local privilege escalation, and local inference.

Other notable breakouts and payouts: open-source, LLMs, and GPUs

Day one delivered a broad set of successful demonstrations beyond Edge and Windows. Valentina Palmiotti (chompie) of IBM X-Force Offensive Research (XOR) collected $20,000 after rooting Red Hat Linux for Workstations and another $50,000 for a zero-day in the NVIDIA Container Toolkit. k3vg3n chained three bugs to take down LiteLLM for $40,000. Satoki Tsuji and haehae exploited NVIDIA Megatron Bridge zero-days for $20,000. Compass Security and maitai of Doyensec each earned $40,000 for hacks against OpenAI's Codex coding agent; haehae dropped a Chroma zero-day for $20,000; and STARLabs SG captured a LM Studio zero-day for $40,000. Those discrete wins contributed to the day’s $523,000 total in cash awards.

DEVCORE leads the leaderboard; the contest and prize structure

The DEVCORE Research Team led the competition after day one with $205,000 in cumulative awards. Valentina Palmiotti sat second with $70,000. Organizers publicized that security researchers targeting fully patched products across categories — including web browsers, virtualization, local privilege escalation, servers, enterprise applications, cloud-native/container, local inference, and LLMs — can earn more than $1,000,000 in cash and prizes during the event. The Pwn2Own Berlin 2026 hacking contest, which focuses on enterprise technologies and artificial intelligence, takes place May 16; after the zero-day flaws are disclosed during the competition, vendors have 90 days to release security fixes for their software and hardware products.

What this means for technologists, procurement leaders, and policymakers

  • Technologists and security teams: The chainable nature of these exploits—illustrated by Orange Tsai’s four-bug Edge escape and the reported chaining of AI-driven zero-days—suggests defenders must verify not only individual mitigations but also how combinations of logic flaws interact across renderers and operating systems. The 90-day remediation window after disclosure will set a hard timeline for patches.
  • Procurement leaders and affected enterprises: The event highlighted that fully patched products were targeted successfully; procurement and asset owners should expect vendors to issue fixes within the stated 90-day window and plan for verification work when patches arrive.
  • Policymakers and regulators: With more than $1,000,000 in potential awards and a visible public marketplace for proof-of-concept exploitation, regulators may watch the pace of disclosure and patching closely given the public nature of the vulnerabilities and the explicit remediation timetable.

The first day of Pwn2Own Berlin 2026 made two things clear: multiple researchers can reliably find exploitable paths in fully patched, production software, and organizers will continue to make those flaws public under a fixed remediation clock. The competition’s second day lists an array of high-value targets — Microsoft SharePoint, Microsoft Exchange, Windows 11, Apple Safari, Cursor, Red Hat Enterprise Linux for Workstations, LM Studio, OpenAI Codex, LiteLLM, Anthropic Claude Code, and Mozilla Firefox — so the next set of disclosures and the vendor responses that follow will be the immediate measure of whether fixes close the same chains that researchers were able to stitch together on day one.

Original story: https://www.bleepingcomputer.com/news/security/windows-11-and-microsoft-edge-hacked-on-first-day-of-pwn2own-berlin-2026/