
"According to TrendAI's Zero Day Initiative (ZDI), white hat hackers have been awarded $1,298,250 for 47 unique vulnerabilities. Nearly $750,000 of the total amount was won by the first two teams: Devcore and StarLabs SG. The two teams also received the highest payouts for a single exploit chain. Devcore earned $200,000 for a remote code execution exploit with System privileges on Microsoft Exchange, and $175,000 for a Microsoft Edge sandbox escape. It also received $100,000 for exploiting Microsoft SharePoint."
"StarLabs SG won $200,000 for a VMware ESX exploit that included a cross-tenant code execution add-on. VMware was at the event and noted last week that Pwn2Own participants can earn up to $200,000 for ESX exploits. The third-place team, Out Of Bounds, earned a total of $95,750."
"Unsurprisingly, there were many successful attempts in the AI product category. Participants earned $40,000 rewards for hacking LiteLLM, OpenAI Codex, and LM Studio. Cursor exploits earned $15,000 and $30,000, while an Ollama exploit earned researchers $28,000 (the exploit included a known vulnerability). $20,000 bounties were received by Pwn2Own participants for OpenAI Codex, Claude Code, LM Studio, NVIDIA Megatron Bridge, and Chroma vulnerabilities."
"Between $2,500 and $50,000 was earned for various exploits targeting Red Hat Linux, Windows 11, NVIDIA Megatron Bridge, and NVIDIA Container Toolkit. There were eight failed attempts. They targeted Oracle Autonomous AI Database, NV Container Toolkit, OpenAI Codex, Safari, SharePoint, Red Hat Enterprise Linux for Workstations, Firefox, and VMware ESX."
White hat hackers earned a total of $1,298,250 across 47 unique vulnerabilities at Pwn2Own Berlin 2026. The targets included Windows, Linux, VMware, NVIDIA, and AI products. Devcore and StarLabs SG won the largest shares: Devcore earned major payouts for a Microsoft Exchange remote code execution exploit with System privileges, a Microsoft Edge sandbox escape, and a Microsoft SharePoint exploit, while StarLabs SG earned the top VMware ESX payout, which included a cross-tenant code execution add-on. AI product exploits generated multiple successful rewards, including ones against LiteLLM, OpenAI Codex, LM Studio, Cursor, Ollama, Claude Code, and NVIDIA Megatron Bridge. Some attempts failed, including ones targeting Oracle Autonomous AI Database, Safari, Firefox, and VMware ESX.
Read at SecurityWeek