Security researchers at Pwn2Own Berlin 2026 cracked Microsoft Exchange, Windows 11, and Red Hat Enterprise Linux in one day using new zero-day vulnerabilities. The most expensive exploit earned the hacker $200,000 and allowed him to gain full control of Microsoft Exchange.
During the second day of Pwn2Own Berlin 2026, 15 unique zero-day vulnerabilities were discovered in Windows 11, Microsoft Exchange, Red Hat Enterprise Linux and AI Platforms for which 15 researchers collected a combined sum of $385,750.
Pwn2Own Berlin takes place as part of the OffensiveCon (May 14 – 16) where focus has been placed on enterprise technologies and artificial intelligence systems. The overall bounty for Pwn2Own Berlin 2026 has surpassed the $1 million mark and all contestants attacked completely up-to-date products across six different categories including browsers, servers, virtualization, container environments, enterprise applications and AI Solutions.
Orange Tsai, aka Chen Da Tsai of the DEVCORE Research Team was rewarded $200,000 for his most lucrative discovery during the second day. Orange was able to create a single attack chain using three separate vulnerabilities and achieve remote code execution with system privileges against Microsoft Exchange.
Participants also had success exploiting bugs in Windows 11. Sien Wi was rewarded $7,500 for remotely escalating privileges using an integer overflow bug.
Ben Ku of Team DDOS was successful in escalating privileges to root in Red Hat Enterprise Linux for Workstations and received a further $10,000. Researchers 0xDACA and Noam Trobishi used a use-after-free vulnerability to demonstrate an attack against NVIDIA Container Toolkit.
Additionally, multiple researchers were successful in demonstrating several successful attacks within the same hour. Le Duc Anh Vu from Viettel Cyber Security successfully exploited the AI Agent Cursor, earning $30,000. Sina Khairkhah from Summoning Team exploited a zero-day for OpenAI Codex and earned $20,000. Additionally, Compass Security was awarded a further $15,000 after successfully demonstrating an additional attack on Cursor.
Day one of Pwn2Own was equally busy. Orange Tsai earned an additional $175,000 when he escaped the Microsoft Edge Sandbox through a chain of four logical errors. Valentina Palmiotti of IBM X-Force Offensive Research gained root access in Red Hat Linux for Workstations and separately demonstrated a zero-day for NVIDIA Container Toolkit. Windows 11 was successfully hacked three additional times on Day One. Angelboy, TwinkleStar03 and Kentaro Kawane from GMO Cybersecurity were each awarded $30,000 for discovering new local privilege escalation vulnerabilities.
On the final day of the event participants will attempt to hack Windows 11, VMware ESXi, Red Hat Enterprise Linux, Microsoft SharePoint and several AI Agents to write code.
