
Pwn2Own Berlin: Exchange, Win11 Exploited

The digital gladiators of Pwn2Own Berlin 2026 descended once more, and this time, the venerable titans of enterprise software felt the sting. By the close of day two, not even fully patched systems for Microsoft Exchange and Windows 11 were safe from the relentless ingenuity of zero-day exploitation.

Screenshot of Pwn2Own Berlin 2026 competition stage with hackers and target systems.

The air in Berlin, thick with the hum of servers and the palpable tension of competition, crackled with a different kind of energy on day two of Pwn2Own 2026. Competitors, armed with little more than sheer intellect and a deep understanding of software's hidden fault lines, had already racked up a staggering $385,750 in cash awards by exploiting 15 unique zero-day vulnerabilities across a raft of critical enterprise products.

Forget the hypothetical threats that populate marketing brochures. This is where the rubber meets the road, where real, demonstrable vulnerabilities in products like Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations are laid bare for the world to see. The competition, running alongside OffensiveCon, specifically targets enterprise tech and the burgeoning AI landscape, meaning the stakes are higher than ever for the vendors whose creations are put under the microscope.

Here’s the thing about Pwn2Own: it’s not just about finding bugs. It’s about chaining them, weaving a narrative of compromise that starts with a seemingly innocuous entry point and ends with the keys to the kingdom — SYSTEM privileges, root access, arbitrary code execution. The rules are simple, brutal, and effective: fully patched systems, latest OS versions, and a clear demonstration of control.

The Exchange Heist: A Masterclass in Exploitation

The undisputed highlight of the second day belonged to Cheng-Da Tsai, better known in the cybersecurity circuit as Orange Tsai. This wasn’t a simple bug find; Tsai orchestrated a symphony of three separate vulnerabilities, a feat that netted him a cool $200,000. The target? Microsoft Exchange, a linchpin for countless organizations. The outcome? Remote code execution with the highest possible privileges on the server. It’s a stark reminder that even deeply entrenched, heavily scrutinized platforms can harbor pathways to profound compromise.

This is not about theoretical attack vectors; this is about proving, in real-time, the devastating potential of undiscovered flaws in mission-critical software. When systems like Exchange, which handle vast troves of sensitive corporate data, can be compromised so thoroughly, the implications are immense.

Windows 11 and Linux: Not Immune

But Tsai’s triumph wasn’t an isolated incident. Siyeon Wi pocketed $7,500 for an integer overflow bug that cracked open Windows 11. Ben Koo, representing Team DDOS, managed to escalate privileges all the way to root on Red Hat Enterprise Linux for Workstations, earning $10,000 for his efforts. Even the NVIDIA Container Toolkit, a component increasingly vital in AI and cloud deployments, wasn’t safe, with 0xDACA and Noam Trobishi demonstrating a use-after-free vulnerability.

The AI Front: A New Frontier for Vulnerabilities

The AI category, a major focus for Pwn2Own Berlin this year, also saw significant activity. Le Duc Anh Vu from Viettel Cyber Security walked away with $30,000 for breaching the Cursor AI coding agent. Sina Kheirkhah of Summoning Team scored $20,000 for a zero-day in OpenAI Codex, and Compass Security nabbed $15,000 by exploiting Cursor itself. This suggests that as AI tools become more integrated into development and operations workflows, they’re also becoming new, potentially lucrative, attack surfaces. We’re moving beyond just exploiting operating systems and applications; we’re now talking about compromising the very tools that build and manage them.

A Familiar Pattern, Elevated Stakes

This year’s competition echoes the relentless pace of discovery seen in previous Pwn2Own events. On day one, Orange Tsai was already at it, earning $175,000 for a Microsoft Edge sandbox escape. IBM X-Force’s Valentina Palmiotti secured substantial winnings for rooting Red Hat Linux and exploiting the NVIDIA Container Toolkit. Windows 11, notably, was targeted multiple times on day one as well, underscoring its perennial appeal to security researchers looking to demonstrate privilege escalation.

The third day promises further fireworks, with targets including Windows 11, VMware ESXi, Microsoft SharePoint, and more AI agents. Every vulnerability demonstrated on stage is handed to the affected vendor privately during the event; the organizers then give the vendor a standard 90-day window to ship a patch before technical details are published. That is the bargain the contest strikes: only the fact that a target fell is announced immediately, while the disclosure deadline keeps pressure on vendors to remediate before the details become public and users are exposed.

My unique insight here? While Pwn2Own is an invaluable testing ground, the sheer volume and interconnectedness of the exploits demonstrated, particularly the chaining of bugs across different product categories, point towards a deepening architectural fragility. It is less about individual software flaws and more about how the complex interdependencies of modern enterprise systems create cascading vulnerabilities. The vendors are building complex Lego castles, and the researchers are finding the one loose brick that can bring the whole thing down.

What Does This Mean for Your Security Posture?

The immediate takeaway isn’t panic, but a sober assessment. Automated pentesting tools are useful for simulating network movement, but they can’t replicate the nuanced, creative exploitation seen at Pwn2Own. This event highlights the critical need for continuous, human-led adversarial testing that goes beyond simple vulnerability scanning to truly validate detection, prevention, and response capabilities. It’s about understanding not just if a system can be breached, but how and how quickly your defenses will react.

Will This Replace My Job?

No, Pwn2Own-style exploitation is far from automated and requires deep human expertise. While AI tools are emerging in cybersecurity, they currently augment, rather than replace, human researchers and security professionals. The creative, adversarial thinking demonstrated here is still a distinctly human capability.

How Long Do Vendors Have to Fix These Bugs?

Vulnerabilities demonstrated at Pwn2Own are reported to the affected vendors privately at the event, not published on the spot. Each vendor then typically has 90 days to develop and ship a patch before the organizers publish details of the flaw, which gives a structured window to mitigate the risk before the technique becomes public.

What is a ‘Zero-Day’ Vulnerability?

A zero-day vulnerability is a flaw in software or hardware that is unknown to the vendor, so no patch exists for it; the name refers to the vendor having had zero days to fix it. Attackers who know of such a flaw can exploit it before the vendor is aware of it or has had a chance to create a fix, which makes it particularly dangerous.


Written by Maya Thompson, threat intelligence reporter. Tracks CVEs, ransomware groups, and major breach investigations.

Originally reported by Bleeping Computer