top of page

Pwn2Own Berlin 2026 Day One: $523,000 Paid Out as AI Products Fall

  • May 15
  • 3 min read

Key Findings


  • Day one of Pwn2Own Berlin 2026 resulted in 24 zero-day vulnerabilities demonstrated across 22 entries, with researchers earning $523,000 in total rewards

  • Orange Tsai of DEVCORE Research Team dominated the leaderboard with a $175,000 Microsoft Edge sandbox escape using four chained logic bugs

  • Windows 11 was successfully exploited three times by different researchers, each demonstrating distinct privilege-escalation vulnerabilities on fully patched systems

  • AI platforms emerged as prominent targets, with multiple zero-days found in LiteLLM, OpenAI Codex, NVIDIA infrastructure, and vector databases

  • DEVCORE Research Team leads the overall standings with $205,000 after day one

  • Two attempts failed to execute within time limits, demonstrating the technical difficulty of live exploitation


Background


Pwn2Own Berlin represents the premier stage for security researchers to demonstrate previously unknown vulnerabilities in real-world software. The competition provides controlled conditions for vendors to learn about flaws before malicious actors discover them. Participants compete for both monetary rewards and Master of Pwn points, with the overall prize pool exceeding $1,000,000 across multiple days. All targets run the latest available software versions, and vendors receive 90 days to patch demonstrated vulnerabilities before public disclosure.


The Microsoft Edge Breakthrough


Orange Tsai's achievement set the tone for the entire competition. His approach differed markedly from typical sandbox escapes by relying solely on logic bugs rather than memory corruption techniques. By chaining four separate logical flaws, he created an exploit path that demonstrated sophisticated understanding of the browser's architecture. The $175,000 award and 17.5 Master of Pwn points reflected the technical complexity and significance of finding a memory-corruption-free chain in a heavily scrutinized product.


Windows 11 Under Siege


Three separate privilege-escalation vulnerabilities were successfully exploited on Windows 11 throughout the day. Angelboy and TwinkleStar03 from the DEVCORE Internship Program, Marcin Wiązowski, and Kentaro Kawane of GMO Cybersecurity each earned $30,000 for independent exploits on fully patched systems. The pattern of multiple researchers finding distinct bugs in the same target underscores the ongoing security challenges facing Microsoft's flagship operating system.


Valentina Palmiotti's Dual Victory


IBM X-Force Offensive Research's Valentina Palmiotti demonstrated the most productive individual performance, collecting $70,000 across two separate wins. Her $50,000 award for exploiting the NVIDIA Container Toolkit highlighted vulnerabilities in AI infrastructure that many organizations rely on. Her second win, a $20,000 award for escalating privileges on Red Hat Enterprise Linux for Workstations through a race condition, showed her ability to identify flaws across diverse platforms.


AI Platforms as Primary Targets


The competition's focus on enterprise and artificial intelligence technologies proved prescient, as multiple AI platforms fell to researcher ingenuity. LiteLLM succumbed to a three-bug chain combining server-side request forgery and code injection techniques, earning k3vg3n $40,000. OpenAI's Codex coding agent was independently exploited by two teams—Compass Security and Doyensec—each earning $40,000. STARLabs SG added another $40,000 by demonstrating a zero-day in LM Studio. These results demonstrate that AI platforms, despite their sophistication, contain exploitable flaws that could compromise enterprise systems.


NVIDIA Infrastructure Vulnerabilities


The NVIDIA ecosystem drew particular attention from researchers. Satoki Tsuji of Ikotas Labs earned $20,000 for identifying an overly permissive allowed list vulnerability in NVIDIA Megatron Bridge. The haehae researcher collected $40,000 across two separate vulnerabilities in Megatron Bridge and the Chroma vector database. These findings raise concerns about the security posture of AI infrastructure components that power many enterprise deployments.


The Road Ahead


Day two brings fresh targets including Microsoft SharePoint, Microsoft Exchange, Apple Safari, Mozilla Firefox, and additional AI platforms. With $523,000 already distributed and a full schedule remaining, the 2026 Berlin edition is positioned to exceed last year's payout of $1,078,750. The competition underscores that even mature, widely-used software contains significant security gaps, and organized vulnerability research in controlled settings remains essential for strengthening the broader software ecosystem.


Sources


  • https://securityaffairs.com/192183/hacking/pwn2own-berlin-2026-day-one-523000-paid-out-ai-products-fall.html

  • https://x.com/securityaffairs/status/2055157519702487140

  • https://x.com/shah_sheikh/status/2055169114017292589

  • https://www.linkedin.com/posts/cybercureme_pwn2own-berlin-2026-day-one-523000-paid-activity-7460934800896507905-bQrA

Recent Posts

See All

Comments


  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page