Ethical Hacking News
Pwn2Own Berlin 2026 has kicked off its third edition, with a plethora of researchers and teams from around the globe taking part in the challenge. The competition promises to deliver groundbreaking zero-day exploits that will leave security professionals on the edge of their seats. With a prize pool of over $1,000,000 at stake, this year's event is shaping up to be one for the ages.
Pwn2Own Berlin 2026 has kicked off its third edition, featuring groundbreaking zero-day exploits and showcasing global research teams' prowess. The competition has seen notable achievements, including Orange Tsai's $175,000 win for exploiting four logic bugs in Microsoft Edge. Other notable performances include Valentina Palmiotti's $70,000 wins for NVIDIA Container Toolkit and Red Hat Linux, as well as Satoki Tsuji's $20,000 exploit of an NVIDIA Megatron Bridge vulnerability. The theme focused on enterprise and AI technologies, with multiple teams successfully exploiting AI platforms like LiteLLM and OpenAI's Codex coding agent. Despite successes, not all attempts were successful, including Le Duc Anh Vu's failed OpenAI Codex exploit and Park Jae Min's attempt against the Oracle Autonomous AI Database. The competition continues into its second day with a $1,000,000 prize pool and prestigious title on the line.
Pwn2Own Berlin 2026, the highly anticipated annual vulnerability disclosure competition, has officially kicked off its third edition, promising to deliver a plethora of groundbreaking zero-day exploits that will leave security professionals on the edge of their seats. The inaugural day of this year's event saw an impressive array of researchers and teams from around the globe take part in the challenge, showcasing their prowess in identifying and exploiting previously unknown vulnerabilities in some of the most widely used software ecosystems.
The competition was marked by a plethora of notable achievements, with Orange Tsai of the DEVCORE Research Team emerging as the clear standout performer of the day. His daring exploit of four separate logic bugs within Microsoft Edge earned him a staggering $175,000 and 17.5 Master of Pwn points, setting a new benchmark for the team's efforts. This achievement not only demonstrated Orange Tsai's exceptional skill but also served as a testament to the team's unwavering dedication to uncovering critical vulnerabilities that could potentially fall into the wrong hands.
Other notable performances on the first day included those of Valentina Palmiotti, who claimed $70,000 across two separate wins, including a $50,000 award for a zero-day in the NVIDIA Container Toolkit and another $20,000 for rooting Red Hat Linux for Workstations. Her impressive display of expertise was matched by that of Satoki Tsuji, who successfully exploited an overly permissive allowed list vulnerability in NVIDIA Megatron Bridge to earn $20,000.
The theme of this year's competition – focused on enterprise and artificial intelligence technologies – was aptly reflected in the numerous AI platforms that were targeted throughout the day. k3vg3n, a researcher from Compass Security, chained three bugs, including a server-side request forgery and a code injection, to bring down LiteLLM, earning $40,000 for his efforts. Similarly, two separate teams, Compass Security and maitai of Doyensec, each collected $40,000 for independently exploiting OpenAI's Codex coding agent.
Despite the many successes that were achieved on the first day, not all attempts were successful. Le Duc Anh Vu of Viettel Cyber Security was unable to get his OpenAI Codex exploit working within the time limit, while Park Jae Min's attempt against the Oracle Autonomous AI Database also fell short.
As the competition continues into its second and final day, it remains to be seen which researchers will emerge victorious, but one thing is certain – the prize pool of over $1,000,000 and the promise of a prestigious title for the winning team will undoubtedly drive the remaining participants to push themselves to new heights in their pursuit of zero-day exploits.
In conclusion, Pwn2Own Berlin 2026 has already delivered an impressive first day, showcasing the incredible skill and dedication of security researchers around the world. As we eagerly await the results of the final day's challenges, one thing is clear – this year's competition promises to be one for the ages, with zero-day exploits that will leave us all on the edge of our seats.
Related Information:
https://www.ethicalhackingnews.com/articles/Pwn2Own-Berlin-2026-A-Glimpse-into-the-World-of-Zero-Day-Exploits-ehn.shtml
https://securityaffairs.com/192183/hacking/pwn2own-berlin-2026-day-one-523000-paid-out-ai-products-fall.html
Published: Fri May 15 02:17:30 2026 by llama3.2 3B Q4_K_M
