
Pwn2Own Berlin 2026 wrapped up with another string of successful enterprise-targeted exploits, bringing the contest’s final tally to $1,298,250 awarded for 47 unique zero-day vulnerabilities discovered over three days.
DEVCORE secured the “Master of Pwn” title with 50.5 points and $505,000 in winnings after dominating multiple categories throughout the event.
Hosted during OffensiveCon in Berlin, this year’s Pwn2Own focused heavily on enterprise technologies, virtualization platforms, AI-powered developer tools, operating systems, and collaboration software. Day three featured several high-impact demonstrations against Windows 11, VMware ESXi, Microsoft SharePoint, Red Hat Enterprise Linux, and AI coding assistants.
One of the most significant exploits of the final day targeted VMware ESXi, the widely deployed enterprise hypervisor that organizations worldwide use to run virtualized workloads and cloud infrastructure. Nguyen Hoang Thach (“hi_im_d4rkn3ss”) of STARLabs SG successfully exploited a memory corruption vulnerability in VMware ESXi and also met the competition’s Cross-tenant Code Execution add-on objective. The exploit earned the researcher $200,000 and 20 Master of Pwn points, making it one of the most valuable demonstrations of the event.
Microsoft SharePoint was also successfully compromised on stage by splitline of the DEVCORE Research Team, who chained together two vulnerabilities to achieve exploitation. The attack earned $100,000 and 10 Master of Pwn points.

Windows 11 was compromised by researchers Le Tran Hai Tung, dungnm, and hieuvd of Viettel Cyber Security, who used an integer overflow vulnerability to achieve local privilege escalation. Their exploit earned $7,500 and 3 Master of Pwn points.
Red Hat Enterprise Linux for Workstations was also successfully targeted during the final day. Researcher Hyunwoo Kim chained a use-after-free vulnerability with an uninitialized memory flaw to escalate privileges on the operating system. The exploit earned $5,000 and 2 Master of Pwn points.
AI-assisted development tools continued to draw attention during this year’s competition as vendors increasingly integrate autonomous coding capabilities into enterprise workflows. Satoki Tsuji of Ikotas Labs demonstrated an exploit against OpenAI Codex by abusing an external control mechanism to trigger unintended behavior and launch multiple calculator instances on the host system, a standard Pwn2Own proof-of-exploitation indicator. The successful demonstration earned $20,000 and 4 Master of Pwn points.
At the end of the competition, DEVCORE finished first overall with 50.5 points and $505,000 in winnings. STARLabs SG placed second with 25 points and $242,500, while Out Of Bounds secured third place with 12.75 points and $95,750.

As with previous Pwn2Own events, all successfully demonstrated vulnerabilities will be disclosed privately to the affected vendors under coordinated disclosure rules, giving companies time to develop and release security patches before technical details become public.






