Pwn2Own Berlin 2026: Major Exploits Target Windows 11 and Microsoft Exchange

Pwn2Own Berlin 2026: Major Exploits Target Windows 11 and Microsoft Exchange

First seen 15 May 2026, 09:57 UTC BleepingcomputerSecurityaffairs.CoGbhackersCybersecuritynewswww.zerodayinitiative.com+8 86% similarity 69.0

Article Content

Browse articles
ThreatCluster

During the Pwn2Own Berlin 2026 event, held from May 14 to 16, security researchers exploited numerous zero-day vulnerabilities, earning over $900,000 in cash prizes. On the first day, 24 unique vulnerabilities were discovered, including multiple exploits against Windows 11 and Microsoft Edge, totaling $523,000. On the second day, 15 additional vulnerabilities were exploited, including significant flaws in Microsoft Exchange, bringing the total to 39 vulnerabilities and $908,750 awarded. Notable achievements included Orange Tsai's complex exploit for Microsoft Exchange, earning him $200,000. The competition emphasizes ethical hacking and incentivizes the discovery of vulnerabilities in enterprise technologies and AI systems. Vendors have 90 days to patch the disclosed vulnerabilities. The event showcases the ongoing challenges in securing modern software and highlights the need for robust security measures.

Key Points: • Pwn2Own Berlin 2026 awarded over $900,000 for 39 zero-day exploits across two days. • Orange Tsai earned $200,000 for exploiting Microsoft Exchange using a complex attack chain. • Vendors have 90 days to address the vulnerabilities disclosed during the competition.

ThreatCluster AI

Timeline

2026-05-14
Day One of Pwn2Own Berlin 2026
Researchers exploited 24 zero-day vulnerabilities, earning $523,000 in total prizes.
Bleepingcomputer
2026-05-15
Day Two of Pwn2Own Berlin 2026
15 unique zero-day vulnerabilities were exploited, earning $385,750 in cash awards.
Bleepingcomputer
2026-05-15
Total earnings surpass $900K
The cumulative total for the first two days reached $908,750 with 39 vulnerabilities disclosed.
Securityaffairs.Co

Community

Browse all →