Hackers Earn Record Prize at Pwn2Own Berlin 2026 with 47 Zero-Day Exploits
Security Researchers Collect $1.3 Million in Rewards at Pwn2Own Berlin 2026
A group of skilled security researchers collectively earned $1,298,250 in rewards for identifying 47 zero-day vulnerabilities in various software applications at the recent Pwn2Own Berlin contest.
- The top prize of $200,000 was awarded to a researcher who successfully chained three separate bugs to achieve remote code execution with system privileges on Microsoft Exchange.
- DEVCORE took home $505,000 in rewards for identifying multiple local privilege escalation vulnerabilities in Windows 11 and Red Hat Enterprise Linux for Workstations.
- STARLabs SG secured $242,500 in prizes for demonstrating a zero-day in the NVIDIA Container Toolkit.
- Other notable wins included a sandbox escape in Microsoft Edge, exploitation of a memory corruption bug in VMware ESXi, and local privilege escalation vulnerabilities in Windows 11 and Red Hat Enterprise Linux for Workstations.
The researchers had a 90-day window to issue security patches for the identified vulnerabilities before they were publicly disclosed by Trend Micro’s Zero Day Initiative.
Last year’s Pwn2Own Berlin contest saw a total of $1,078,750 awarded for 29 zero-day flaws, highlighting the growing importance of addressing these types of vulnerabilities in a timely manner.
This year’s Pwn2Own Berlin contest serves as a reminder of the ongoing cat-and-mouse game between security researchers and malicious actors, with the former working tirelessly to identify and disclose vulnerabilities before they can be exploited by the latter.
As the stakes continue to rise, it is essential for organizations to prioritize vulnerability management and patching to prevent potential breaches.
