Pwn2Own Berlin 2026 is rapidly escalating into one of the most intense offensive security contests in recent years, with Day Two delivering a fresh wave of critical zero-day exploits targeting enterprise software, AI tools, and operating systems.
Security researchers demonstrated real-world attack scenarios against high-value targets, including Microsoft Exchange, Windows 11, and AI coding platforms, highlighting the growing attack surface in modern environments.
Following a strong opening day, the second day added $385,750 in rewards for 15 new zero-day vulnerabilities, pushing the total to $908,750 and 39 unique bugs discovered so far. DEVCORE continues to dominate the leaderboard, largely due to a high-impact Microsoft Exchange compromise.
Microsoft Exchange RCE Steals the Spotlight
The most significant exploit of the day came from Orange Tsai of DEVCORE, who chained three vulnerabilities to achieve remote code execution (RCE) with SYSTEM privileges on Microsoft Exchange, as reported by Zero Day Initiative.
This full-chain attack earned $200,000 and 20 Master of Pwn points, making it the highest-value exploit of the event so far.
This type of attack is particularly dangerous because Exchange servers often sit at the core of enterprise communication. A successful RCE gives an attacker full control of the email infrastructure, potentially enabling espionage, lateral movement, and data exfiltration.
For example, in a real-world scenario, an attacker exploiting Exchange could silently access internal emails, deploy malware, or impersonate executives in phishing campaigns.
Windows 11 and Linux Privilege Escalations
Operating systems were also heavily targeted. Siyeon Wi successfully exploited an integer overflow vulnerability in Windows 11, gaining elevated privileges and earning $7,500.
While smaller in payout, such bugs are critical because they can turn limited access into full system control.
On the Linux side, Ben Koo of Team DDOS exploited a use-after-free flaw to escalate privileges on Red Hat Enterprise Linux, reinforcing the fact that memory safety issues continue to plague core systems.
AI and developer-focused tools emerged as major targets this year. Notably:
- Cursor IDE was successfully exploited twice by different teams, confirming multiple vulnerabilities in AI-assisted coding environments.
- OpenAI Codex was compromised by the Summoning Team using a novel exploit chain.
- LM Studio was the victim of a code-injection attack by OtterSec researchers.
These findings underline a key trend: AI-powered development tools are becoming high-value targets due to their access to source code and developer workflows.
Not all attempts were successful. Exploits targeting Apple Safari, Microsoft SharePoint, and Mozilla Firefox failed during execution, showing the increasing difficulty of reliable exploitation even when vulnerabilities are known.
Meanwhile, several entries resulted in “collision” outcomes, where researchers demonstrated valid exploits using previously discovered bugs. While still rewarded, these highlight overlapping research efforts within the security community.
With one day remaining, DEVCORE leads with 40.5 points and $405,000, but the race for “Master of Pwn” is still open. As more zero-days are expected, vendors, including Microsoft, Red Hat, and AI platform providers, will race to patch newly exposed vulnerabilities.
Pwn2Own Berlin continues to demonstrate how quickly attackers can chain multiple bugs into devastating exploits, offering defenders a critical early warning of what could soon appear in the wild.