Pwn2Own Berlin 2026: Researchers Earn $1.3 Million for 47 Zero-Day Exploits
The **Pwn2Own Berlin 2026** hacking contest concluded with security researchers earning a staggering $1,298,250 for the discovery and exploitation of 47 zero-day vulnerabilities. The event, held at the **OffensiveCon** conference, focused on enterprise technologies and artificial intelligence, showcasing critical flaws in widely used software.

Researchers targeted fully patched products across a wide range of categories, including web browsers, enterprise applications, local privilege escalation, servers, local inference, cloud-native/container environments, virtualization, and Large Language Models (LLMs).
### Payout Breakdown
The competition spanned three days, with significant payouts awarded each day:
* Day 1: $523,000 for 24 unique zero-days.
* Day 2: $385,750 for 15 zero-days.
* Day 3: $389,500 for 8 zero-days.
### Top Performers
**DEVCORE** emerged as the winner of this year's **Pwn2Own Berlin**, securing 50.5 Master of Pwn points and a substantial $505,000 in rewards. Their success stemmed from exploiting vulnerabilities in **Microsoft SharePoint**, **Microsoft Exchange**, **Microsoft Edge**, and **Windows 11**. **STAR Labs SG** followed with $242,500 (25 points), and **Out Of Bounds** claimed the third spot with $95,750 (12.75 points).

*Pwn2Own Berlin 2026 leaderboard*
### Notable Exploits
The highest single reward of $200,000 was awarded to **Cheng-Da Tsai** (also known as **Orange Tsai**) of the **DEVCORE** Research Team for chaining three bugs to achieve remote code execution with SYSTEM privileges on **Microsoft Exchange**. On the first day, **Orange Tsai** also earned $175,000 for a **Microsoft Edge** sandbox escape using four logic bugs. Additionally, **Valentina Palmiotti** (chompie) of **IBM X-Force** Offensive Research collected $70,000 for rooting **Red Hat Linux** for Workstations and exploiting an **NVIDIA** Container Toolkit zero-day.
Further exploits included a **Windows 11** local privilege escalation, a root-privilege escalation in **Red Hat Enterprise Linux** for Workstations, and zero-days in several AI coding agents. A memory corruption bug was also leveraged to exploit **VMware ESXi**.
### Disclosure Timeline
Following **Pwn2Own**, vendors are granted a 90-day window to develop and release security patches. After this period, **Trend Micro's Zero Day Initiative (ZDI)** will publicly disclose the details of the vulnerabilities.
Last year's **Pwn2Own Berlin** saw **STAR Labs SG** win, with **ZDI** awarding $1,078,750 for 29 zero-day flaws and some bug collisions.