Pwn2Own Berlin 2026: Elite Hackers Expose Critical Vulnerabilities in Enterprise and AI Infrastructure

The cybersecurity landscape faced a rigorous stress test this week as the world’s most elite security researchers converged on Berlin for the Pwn2Own 2026 competition. Held in conjunction with the prestigious OffensiveCon conference from May 14 to May 16, the event serves as a high-stakes arena where the security of the world’s most widely used enterprise technologies is put to the ultimate test.

During the second day of the competition, the atmosphere was electric as researchers successfully exploited 15 unique zero-day vulnerabilities, resulting in a staggering $385,750 in cash payouts. From the depths of Microsoft Exchange’s architecture to the cutting edge of AI-driven coding assistants, the vulnerabilities identified underscore the persistent fragility of the modern digital ecosystem.

The Pwn2Own Ethos: Hardened Targets and High Stakes

Pwn2Own is not merely a competition; it is a critical disclosure mechanism for the global technology industry. Organized by Trend Micro’s Zero Day Initiative (ZDI), the event operates under a strict set of rules that mirror real-world threat actor capabilities. Every target device is fully patched and configured to the latest version, ensuring that the exploits demonstrated are true zero-days—flaws previously unknown to the vendors.

To secure a prize, researchers must compromise their target and demonstrate arbitrary code execution—the "holy grail" of offensive security. Once an exploit is successfully executed, the ZDI grants the affected vendors a 90-day window to develop, test, and release security patches before the details of the vulnerabilities are made public. This process forces a cycle of rapid innovation and security hardening that benefits the entire global infrastructure.

Chronology of Exploitation: A Breakdown of Day Two

The second day of Pwn2Own Berlin 2026 was defined by the sheer technical prowess of the participants. While the first day saw significant breaches in Microsoft Edge and NVIDIA’s container ecosystem, day two shifted focus toward enterprise server stability and the burgeoning field of AI security.

The Microsoft Exchange Breach

The undisputed highlight of the day was the performance of Cheng-Da Tsai, widely known in the industry as "Orange Tsai," representing the DEVCORE Research Team. In a masterclass of vulnerability chaining, Tsai systematically exploited three distinct bugs to gain Remote Code Execution (RCE) with SYSTEM-level privileges on a fully updated Microsoft Exchange server. This feat earned him a $200,000 bounty, cementing his reputation as one of the world’s most formidable security researchers.

Local Privilege Escalation and Container Security

Beyond the server side, the competition highlighted the vulnerability of workstations and containerized environments. Siyeon Wi successfully demonstrated an integer overflow exploit to compromise Windows 11, walking away with a $7,500 prize. Simultaneously, Ben Koo of Team DDOS navigated the complexities of Red Hat Enterprise Linux (RHEL) for Workstations, executing a privilege escalation to root that secured him a $10,000 reward.

The NVIDIA Container Toolkit also remained a primary target. The researchers 0xDACA and Noam Trobishi utilized a use-after-free vulnerability to break out of the container environment, highlighting that even hardened, isolated infrastructure remains susceptible to sophisticated memory corruption attacks.

The AI Frontier: Securing the Coding Assistants

A defining feature of Pwn2Own 2026 is its heavy emphasis on Artificial Intelligence. As enterprises move to integrate Large Language Models (LLMs) and coding agents into their development pipelines, these tools have become high-value targets for threat actors.

The AI category saw intense competition on day two:

  • Viettel Cyber Security: Researcher Le Duc Anh Vu successfully hacked the Cursor AI coding agent, demonstrating how an attacker could potentially manipulate the AI’s suggestions or gain access to the underlying development environment, netting a $30,000 prize.
  • Summoning Team: Sina Kheirkhah provided a live demonstration of a zero-day exploit targeting OpenAI Codex, proving that even the models powering enterprise-grade tools are vulnerable to sophisticated input manipulation and logic errors. This exploit earned a $20,000 payout.
  • Compass Security: Building on the trend of targeting AI agents, Compass Security executed a successful exploit against the Cursor platform, earning $15,000.

These results signal a shift in the threat landscape. As companies race to adopt AI-assisted coding, the security community is sounding an early alarm: the infrastructure powering these agents must be subject to the same rigorous scrutiny as traditional software stacks.

Recap of Day One: The Foundation of the Conflict

The momentum of day two was built upon a highly productive opening session. On the first day of the event, Orange Tsai demonstrated his versatility by chaining four logic bugs to achieve a sandbox escape in Microsoft Edge, earning $175,000.

Valentina Palmiotti (known as "chompie") of IBM X-Force Offensive Research also delivered a standout performance, collecting $20,000 for rooting RHEL and a further $50,000 for an NVIDIA Container Toolkit zero-day. Windows 11 was also compromised three separate times on the first day by researchers including Angelboy, TwinkleStar03, Kentaro Kawane, and Marcin Wiązowski, each earning $30,000 for identifying new privilege escalation vectors.

Supporting Data and Financial Incentives

The total prize pool for Pwn2Own Berlin 2026 exceeds $1,000,000. The categories are meticulously structured to cover the entire stack of modern enterprise computing:

  • Web Browsers & Applications: Testing the boundary between the user and the internet.
  • Cloud-Native/Container Environments: Assessing the integrity of isolated workloads.
  • Virtualization & Servers: Probing the core of enterprise data centers.
  • Local Inference & LLMs: A new, critical frontier focusing on the security of AI models.

When compared to the 2025 iteration of the event—where ZDI awarded $1,078,750 for 29 zero-day flaws—the 2026 event is on track to match or exceed previous records. The "bug collision" rate, where multiple researchers find the same flaw, remains a point of interest for the organizers, as it serves as a metric for the prevalence of certain software weaknesses.

Implications for Global Enterprise Security

The findings from Pwn2Own Berlin 2026 carry profound implications for the global technology industry.

1. The Persistence of "System" Privileges

The fact that researchers can still achieve SYSTEM-level access on Microsoft Exchange and root access on Red Hat Linux indicates that despite decades of security hardening, the core kernel and service architectures remain inherently complex. Complexity, as always, is the enemy of security.

2. The Rise of the AI Attack Surface

The successful exploitation of Cursor AI and OpenAI Codex is a harbinger of future enterprise risks. If an attacker can compromise a coding agent, they can effectively "poison" the software development lifecycle (SDLC), injecting vulnerabilities into a company’s proprietary code before it is even compiled. This represents a significant shift from attacking the end product to attacking the process of creation.

3. The Necessity of the 90-Day Disclosure Window

The ZDI’s policy of public disclosure after 90 days remains the industry’s most effective catalyst for patch management. By creating a transparent timeline, the event prevents the "silence" that often protects vulnerabilities, ensuring that vendors prioritize fixes based on proven, rather than theoretical, risks.

Looking Ahead: The Final Day

As the competition moves into its third and final day, the focus remains on high-impact targets. The schedule includes further attempts to compromise Windows 11, VMware ESXi—a critical component of cloud infrastructure—and additional penetration testing of AI coding agents.

The results of these challenges will be compiled into the final ZDI report, which will serve as a roadmap for security teams worldwide to prioritize their defensive efforts. For now, the takeaway is clear: as we integrate more powerful, automated technologies into our enterprise environments, the necessity for robust, proactive, and aggressive security validation has never been higher.

The researchers in Berlin are not just winning prizes; they are writing the future of defense, one exploit at a time. The vendors involved—Microsoft, Red Hat, NVIDIA, and others—now face the daunting but essential task of ensuring that these vulnerabilities are neutralized before the next generation of threat actors can reverse-engineer the findings presented on the Pwn2Own stage.
