Pwn2Own Berlin 2026 has come to an finish, and members earned a complete of almost $1.3 millon for exploits concentrating on Home windows, Linux, VMware, Nvidia, and AI merchandise.
In line with TrendAI’s Zero Day Initiative (ZDI), white hat hackers have been awarded $1,298,250 for 47 distinctive vulnerabilities. Practically $750,000 of the overall quantity was gained by the primary two groups: Devcore and StarLabs SG.
The 2 groups additionally obtained the best payouts for a single exploit chain. Devcore earned $200,000 for a distant code execution exploit with System privileges on Microsoft Trade, and $175,000 for a Microsoft Edge sandbox escape. It additionally obtained $100,000 for exploiting Microsoft SharePoint.
StarLabs SG gained $200,000 for a VMware ESX exploit that included a cross-tenant code execution add-on. VMware was on the occasion and famous final week that Pwn2Own members can earn as much as $200,000 for ESX exploits.
The third-place group, Out Of Bounds, earned a complete of $95,750.
Unsurprisingly, there have been many profitable makes an attempt within the AI product class. Individuals earned $40,000 rewards for hacking LiteLLM, OpenAI Codex, and LM Studio.
Cursor exploits earned $15,000 and $30,000, whereas an Ollama exploit earned researchers $28,000 (the exploit included a recognized vulnerability). $20,000 bounties had been obtained by Pwn2Own members for OpenAI Codex, Claude Code, LM Studio, NVIDIA Megatron Bridge, and Chroma vulnerabilities.
Between $2,500 and $50,000 was earned for numerous exploits concentrating on Purple Hat Linux, Home windows 11, NVIDIA Megatron Bridge, and NVIDIA Container Toolkit.
There have been eight failed makes an attempt. They focused Oracle Autonomous AI Database, NV Container Toolkit, OpenAI Codex, Safari, SharePoint, Purple Hat Enterprise Linux for Workstations, Firefox, and VMware ESX.
Worldwide Cyber Digest reported that a number of groups had been unable to join Pwn2Own as a result of all time slots had been already taken. Some white hat hackers who couldn’t register determined to reveal their findings on to distributors, and a few have begun publicly disclosing their exploits.
Associated: China Revives Tianfu Cup Hacking Contest Underneath Elevated Secrecy
Associated: Infotainment, EV Charger Exploits Earn Hackers $1M at Pwn2Own Automotive 2026
Associated: $1M WhatsApp Hack Flops: Solely Low-Danger Bugs Disclosed to Meta After Pwn2Own Withdrawal
