
Pwn2Own Berlin 2026 Day 2: Exchange, Windows 11, and AI Coding Tools Fall to Zero-Days — $908,750 in Total Prizes

dark6 18 May 2026

Pwn2Own Berlin 2026 has quickly become one of the most consequential offensive security contests in recent years. Day Two delivered 15 new zero-day vulnerability demonstrations targeting high-value enterprise software, AI development tools, and major operating systems. Researchers added $385,750 in rewards on the second day alone, pushing the event total to $908,750 across 39 unique bugs discovered so far.

The Headliner: Full RCE Chain on Microsoft Exchange

The standout achievement of Day Two came from Orange Tsai of DEVCORE, who chained three separate vulnerabilities to achieve remote code execution (RCE) with SYSTEM-level privileges on Microsoft Exchange Server. This full-chain attack earned $200,000 and 20 Master of Pwn points — the highest single-exploit payout of Pwn2Own Berlin 2026.

The real-world significance of Exchange exploitation is severe. Exchange servers sit at the core of enterprise communication infrastructure, making a successful RCE a gateway to:

  • Full access to organizational email flows, enabling silent interception of sensitive communications.
  • Lateral movement across corporate networks using Exchange as a pivot point.
  • Deployment of malware or backdoors affecting all connected mail clients.
  • Business email compromise (BEC) attacks via executive impersonation.

This type of chained Exchange vulnerability has historically been weaponized by state-sponsored threat actors — most notably in the 2021 ProxyLogon attacks — making its disclosure at Pwn2Own a critical signal for enterprise defenders.

Windows 11 and Linux Privilege Escalation

Operating systems were heavily targeted throughout the second day:

  • Windows 11: Siyeon Wi demonstrated an integer overflow vulnerability that enables local privilege escalation on Windows 11, earning $7,500. Integer overflows enabling privilege escalation are particularly dangerous because they can convert limited user-level access into full system control — a critical stepping stone in multi-stage attacks.
  • Red Hat Enterprise Linux: Ben Koo of Team DDOS exploited a use-after-free vulnerability in RHEL to escalate privileges. Use-after-free bugs in kernel memory management continue to be one of the most persistent and dangerous vulnerability classes across all major operating systems.
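The two bullets above name the bug classes (an integer overflow and a use-after-free) without showing why an integer overflow alone is enough to break memory safety. The following C program is an added illustration written for this page, not code from the contest entries or from either vendor; it uses a hypothetical fixed-size record format and assumes a GCC or Clang compiler for the `__builtin_mul_overflow` builtin. It contrasts an unchecked 32-bit length computation, which wraps around and leads to an undersized allocation, with the checked form that rejects the input instead.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wire format (constructed for this example): a 4-byte
 * little-endian record count followed by that many 64-byte records.
 * This is NOT the actual Windows 11 or RHEL bug, only the bug class. */
#define RECORD_SIZE 64u

/* Unchecked size computation: 32-bit multiply silently wraps. */
uint32_t unsafe_buffer_len(uint32_t count) {
    return count * RECORD_SIZE;
}

/* Checked computation in the same 32-bit width: reports failure instead
 * of wrapping. Returns 0 on success and fills *out; -1 on overflow. */
int safe_buffer_len(uint32_t count, uint32_t *out) {
    uint32_t total;
    if (__builtin_mul_overflow(count, RECORD_SIZE, &total))
        return -1;
    *out = total;
    return 0;
}

/* Returns 1 if the unchecked path would allocate fewer bytes than a copy
 * loop iterating `count` times would later write: the classic
 * integer-overflow-to-heap-overflow pattern. */
int unchecked_path_is_undersized(uint32_t count) {
    uint32_t alloc_len = unsafe_buffer_len(count);
    uint64_t bytes_written = (uint64_t)count * RECORD_SIZE;
    return bytes_written > alloc_len;
}

/* Reads the record count from a message header and validates it.
 * Returns the byte length of the record area, or 0 if the header is
 * too short, the count overflows, or the payload is truncated. */
uint32_t parse_record_area(const uint8_t *msg, size_t msg_len) {
    if (msg_len < 4)
        return 0;
    uint32_t count = (uint32_t)msg[0] | ((uint32_t)msg[1] << 8) |
                     ((uint32_t)msg[2] << 16) | ((uint32_t)msg[3] << 24);
    uint32_t area;
    if (safe_buffer_len(count, &area) != 0)
        return 0;                     /* overflow: refuse the message */
    if ((size_t)area > msg_len - 4)
        return 0;                     /* declared more records than present */
    return area;
}

int main(void) {
    /* 0x04000001 * 64 = 0x100000040, which wraps to 0x40 in 32 bits. */
    uint32_t hostile = 0x04000001u;
    printf("unchecked len for %u records: %u (undersized: %d)\n",
           hostile, unsafe_buffer_len(hostile),
           unchecked_path_is_undersized(hostile));

    uint32_t ok_len;
    printf("checked path accepts hostile count: %s\n",
           safe_buffer_len(hostile, &ok_len) == 0 ? "yes" : "no");

    /* Constructed well-formed message: 2 records, 128 bytes of payload. */
    uint8_t good[4 + 2 * RECORD_SIZE] = { 2, 0, 0, 0 };
    printf("record area of good message: %u bytes\n",
           parse_record_area(good, sizeof good));
    return 0;
}
```

The defensive point is the width of the arithmetic: the copy loop effectively works in 64 bits (it runs `count` times) while the allocation was sized in 32 bits, and the only reliable fix is to perform the size calculation with overflow detection, or in a wider type with an explicit cap, before any memory is allocated.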

AI Tools Become Prime Targets

One of the most striking patterns from Pwn2Own Berlin 2026 is the emergence of AI-powered development tools as high-value attack targets. Day Two saw multiple successful exploits against these platforms:

  • Cursor IDE was successfully compromised by two separate research teams, confirming multiple distinct vulnerabilities in the AI-assisted coding environment.
  • OpenAI Codex was breached by the Summoning Team using a novel exploit chain.
  • LM Studio fell victim to a code-injection attack executed by OtterSec researchers.

AI development tools are particularly attractive targets because they have privileged access to source code, developer credentials, API keys, and software build pipelines. A successful compromise of a developer IDE could have catastrophic implications for software supply chain security — potentially enabling silent insertion of malicious code into production software.

Failed Attempts and Collision Outcomes

Not all demonstrations were successful. Exploit attempts targeting Apple Safari, Microsoft SharePoint, and Mozilla Firefox failed during execution — a reminder that even well-prepared research does not guarantee reliable exploitation of hardened targets. Several other entries resulted in collision outcomes, where researchers demonstrated valid vulnerabilities that had already been discovered by other competing teams at the event. These are still rewarded, but at reduced prize values.

Leaderboard and Final Day Preview

Heading into the final day of competition, DEVCORE leads the Master of Pwn standings with 40.5 points and $405,000 in total earnings, largely driven by the high-impact Exchange RCE chain. With 39 unique bugs already discovered, Pwn2Own Berlin 2026 is on track to be among the most prolific events in the contest's history.

All vulnerabilities demonstrated at Pwn2Own are disclosed to affected vendors under responsible disclosure timelines. Organizations should monitor patch releases from Microsoft, Red Hat, and AI platform providers in the coming weeks and prioritize updates to affected systems — particularly any internet-facing Microsoft Exchange deployments — as patches become available.
