
Pwn2Own Berlin 2026 continued with another wave of successful zero-day demonstrations on Thursday, as security researchers earned $385,750 for 15 unique vulnerabilities targeting enterprise software, AI platforms, operating systems, and developer tools.
The biggest payout of the day went to DEVCORE’s Orange Tsai, who chained three vulnerabilities to achieve remote code execution as SYSTEM on Microsoft Exchange, earning $200,000 and 20 Master of Pwn points.

AI-related targets also remained heavily in focus during the second day of the contest.
Researchers from OtterSec successfully exploited a code-injection vulnerability in LM Studio, earning $20,000 and 4 Master of Pwn points. LM Studio is a popular desktop application used for running local large language models on consumer hardware.
Viettel Cyber Security successfully exploited Cursor, an AI-powered code editor built on Visual Studio Code, earning $30,000 and 3 points. Later in the day, researchers from Compass Security also demonstrated a successful exploit against Cursor during a second-round attempt.
Sina Kheirkhah of Summoning Team successfully compromised OpenAI Codex in the Coding Agent category, earning $20,000 and 4 points. The exploit highlighted how AI-assisted coding environments are becoming increasingly attractive targets for attackers as enterprises integrate them into development workflows.
“Out of Bounds” hackers successfully targeted Ollama and also exploited LiteLLM, an increasingly used middleware layer for managing LLM APIs and routing requests between models.
Containerization and GPU infrastructure were also tested during the event. Security researchers 0xDACA and Noam Trobishi successfully exploited a use-after-free vulnerability in the NVIDIA Container Toolkit, earning $25,000 and 5 points. The toolkit is widely used in AI and GPU-accelerated cloud environments to provide container access to NVIDIA hardware.
On the operating system side, Ben Koo of Team DDOS used a use-after-free bug to escalate privileges on Red Hat Enterprise Linux for Workstations, while Siyeon Wi exploited an integer overflow vulnerability to gain elevated privileges on Windows 11.
After Day 2, the contest’s total payouts reached $908,750 for 39 unique zero-days disclosed during the event. DEVCORE now leads the Master of Pwn rankings with 40.5 points and $405,000 in earnings.

Pwn2Own Berlin 2026 concludes tomorrow, with additional enterprise, browser, virtualization, and AI targets still scheduled for exploitation attempts.
Vendors whose products were successfully exploited during the event now have 90 days to release security updates before Trend Micro’s Zero Day Initiative publicly discloses the technical details of the vulnerabilities.






