Security researchers were awarded close to $1.3m after discovering 47 zero-day vulnerabilities at Pwn2Own Berlin.
The three-day event, held between May 14 and May 16 and sponsored by TrendAI’s Zero Day Initiative (ZDI), was won by the Devcore team, which claimed a massive $505,000 in prize money.
This edition of the long-running event had an enterprise focus, with AI databases, coding agents, local inferences and NVIDIA products all targeted by competing teams.
As always, newly discovered vulnerabilities will be responsibly disclosed to the relevant vendors to build into security updates. They have 90 days to release security patches before the ZDI publicly discloses them.
Read more on vulnerability management: Pwn2Own Offers $1m for Zero-Click WhatsApp Exploit.
Among the highlights of this year’s competition were:
- Nguyen Hoang Thach of STARLabs SG used a memory corruption bug to exploit VMware ESXi with the cross-tenant code execution add-on, earning $200,000
- “splitline” of Devcore Research Team chained two bugs to exploit Microsoft SharePoint, earning $100,000
- Orange Tsai of Devcore Research Team chained three bugs to achieve remote code execution as system on Microsoft Exchange, earning $200,000
- Devcore’s Orange Tsai chained four logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000
Pwn2Berlin 2026: An AI Focus
This year’s Berlin event, which was held at the OffensiveCon show, focused heavily on artificial intelligence again.
It featured AI databases such as Chroma, Postgres pgvector and Oracle Autonomous AI Database, as well as – for the first time – coding agents Cursor, Claude Code and OpenAI Codex.
“At some point or another, we’ve probably all vibe coded something. There’s no shame in that, but how secure are the tools we use for vibe coding?” said ZDI head of threat awareness, Dustin Childs.
“A successful entry must interact with a contestant-controlled resource (e.g. web page, repository, media file) to exploit a vulnerability within the coding agent. The attack vector of the entry must be a common coding agent use case.”
Many of the big names in the large language model (LLM) space were also present, including Ollama, LiteLLM, LM Studio, and Llama.cpp.
When it came to NVIDIA, competitors tried their luck at hacking the vendor’s Megatron Bridge, NV Container Toolkit, and Dynamo offerings.
