Pwn2Own Berlin 2026: $385,750 Awarded for 15 Zero-Day Exploits on Day Two

Introduction

The second day of Pwn2Own Berlin 2026 proved to be a lucrative one for security researchers, as participants walked away with a total of $385,750 in prize money. Over the course of the day, competitors successfully demonstrated 15 unique zero-day vulnerabilities across a range of high-profile software, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. This annual hacking competition, organized by Trend Micro's Zero Day Initiative, brings together elite researchers to uncover critical security flaws before malicious actors can exploit them.

Pwn2Own Berlin 2026: $385,750 Awarded for 15 Zero-Day Exploits on Day Two — Source: www.bleepingcomputer.com

A Successful Day at Pwn2Own Berlin

Pwn2Own is known for its intense, high-stakes environment where teams compete to break into widely used software under strict time limits. The second day of the Berlin 2026 event continued the tradition, with multiple researchers earning top dollar for their innovative exploit chains. The $385,750 awarded on Day Two brings the cumulative prize pot for the competition to a substantial sum, reflecting the importance of discovering and responsibly disclosing vulnerabilities.

Zero-Days Unleashed

All 15 vulnerabilities demonstrated on Day Two were classified as zero-day, meaning they were unknown to the software vendors at the time of the competition. These included both remote code execution and privilege escalation flaws, which are among the most dangerous types of security weaknesses. Researchers used sophisticated techniques to chain multiple bugs together, achieving deep system access that could be used by an attacker to take full control of affected systems.

The Targeted Products

The exploits targeted three major platforms:

Windows 11 – Microsoft's latest operating system, which was hit with multiple zero-days, including a kernel-level vulnerability that allowed an attacker to escape a sandboxed environment.
Microsoft Exchange – The email and collaboration server sustained exploits that could allow remote code execution without authentication, reminiscent of previous high-profile Exchange attacks.
Red Hat Enterprise Linux for Workstations – The enterprise Linux distribution faced both kernel and application-level bugs that could lead to full system compromise.

Each product had multiple unique vulnerabilities discovered, with researchers dividing their efforts to maximize impact and reward.

Implications for Security

The discoveries made at Pwn2Own have immediate real‑world consequences. Vendor representatives from Microsoft and Red Hat were present at the event, receiving early technical details of the exploits. This allows the companies to start developing patches before the vulnerabilities become public knowledge, significantly reducing the risk of widespread attacks.

The competition also highlights the ongoing arms race between defenders and attackers. With each new version of Windows or Exchange, security improves, but creative researchers continue to find ways in. The $385,750 awarded on Day Two reinforces the value that the industry places on proactive vulnerability research.

The Zero-Day Economy

Pwn2Own is a prime example of the growing zero-day economy, where companies and governments pay handsomely for exclusive access to vulnerability information. While the prize amounts are high, the cost of a single zero-day being used in a targeted attack can be far greater—ranging from data breaches to ransomware incidents. By incentivizing disclosure through competitions like this, the security community helps keep the digital ecosystem safer.

What's Next for the Affected Software

Both Microsoft and Red Hat have confirmed they are working on patches for the disclosed vulnerabilities. Users of Windows 11, Exchange, and Red Hat Enterprise Linux for Workstations should watch for security updates and apply them as soon as they are released. Until fixes are available, organizations can mitigate risks by implementing network segmentation, enabling multi‑factor authentication, and monitoring for unusual activity.

Conclusion

The second day of Pwn2Own Berlin 2026 was a resounding success for ethical hackers, yielding a treasure trove of 15 zero-day vulnerabilities and nearly $400,000 in rewards. The targeted products—Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux—represent core infrastructure for countless businesses worldwide. As the competition continues, the rest of the world watches, knowing that each exploit discovered today is one less weapon in the hands of cybercriminals tomorrow.

Tags: