Pwn2Own Berlin 2026: 47 Zero-Day Flaws Exposed in VMware, Windows, AI Tools, and More

At the 2026 edition of Pwn2Own Berlin, hackers uncovered 47 zero-day security flaws over three days of competition. In total, the awards came to nearly $1.3 million.

A rain of dollars...

Once again, this famous hacking contest lived up to expectations, with a large number of vulnerabilities discovered and a total of $1,298,250 distributed to security researchers. The DEVCORE team topped the overall standings, earning the title of “Master of Pwn.” The team collected 50.5 points and took home a hefty $505,000.

On the other steps of the Berlin edition podium, we find:

  • STARLabs SG: second place with 25 points and $242,500 in winnings.
  • Out Of Bounds: third place with 12.75 points and $95,750.

So, which vulnerabilities were discovered? Let's take a look...

And a rain of zero-day flaws

Researchers were able to look for security flaws in a variety of products and solutions, such as virtualization platforms, operating systems, collaboration software, and even AI assistants. Here are some of the vulnerabilities discovered.

  • VMware ESXi

Researcher Nguyen Hoang Thach from STARLabs SG landed a serious hit on VMware's flagship hypervisor. By exploiting a memory corruption vulnerability, and also meeting the additional goal of cross-tenant code execution (running code across tenant boundaries), he pocketed $200,000.

  • Microsoft SharePoint and Exchange

The SharePoint solution did not withstand researcher splitline from the DEVCORE team, who chained two vulnerabilities to compromise it and walked away with $100,000. The same goes for Microsoft Exchange, as three vulnerabilities were exploited together to achieve code execution as SYSTEM on a mail server ($200,000).

  • Operating systems

As with every Pwn2Own edition, Windows 11 was hacked multiple times. Notably, the Viettel Cyber Security team exploited an integer overflow to gain a local privilege escalation ($7,500 reward).

For its part, Hyunwoo Kim compromised Red Hat Enterprise Linux for Workstations by combining a use-after-free flaw with an uninitialized memory bug ($5,000). Another vulnerability was also discovered in Red Hat Enterprise Linux for Workstations by Ben Koo ($10,000).

  • AI tools

Satoki Tsuji (Ikotas Labs) successfully targeted OpenAI Codex. By abusing an external control mechanism, he triggered unexpected behavior that launched multiple calculator instances (proof of exploitation). The finding was rewarded with $20,000. The OtterSec research team also identified a flaw that enabled code injection within LM Studio ($20,000). In addition, a security flaw allowed Cursor to be compromised.

What happens to these vulnerabilities next? As required by Pwn2Own rules, details about all of these zero-day security flaws have been shared confidentially with the affected vendors (Microsoft, VMware, Red Hat, OpenAI...). This gives them the time needed to develop and deploy security patches before the technical details are made public.

Expect to have to patch against these flaws in the coming weeks. For a recap of this edition, check out these links:

Florian Burnel Co-founder of IT-Connect
Systems and network engineer, co-founder of IT-Connect and Microsoft MVP "Cloud and Datacenter Management". I'd like to share my experience and discoveries through my articles. I'm a generalist with a particular interest in Microsoft solutions and scripting. Enjoy your reading.
