SecurityWeek

Hackers Earn $1.3 Million at Pwn2Own Berlin 2026 

Participants demonstrated exploits for Windows, Linux, VMware, Nvidia, and AI products.

Pwn2Own Berlin 2026 has come to an end, and participants earned a total of nearly $1.3 million for exploits targeting Windows, Linux, VMware, Nvidia, and AI products.

According to TrendAI’s Zero Day Initiative (ZDI), white hat hackers have been awarded $1,298,250 for 47 unique vulnerabilities. Nearly $750,000 of the total amount was won by the first two teams: Devcore and StarLabs SG.

The two teams also received the highest payouts for a single exploit chain. Devcore earned $200,000 for a remote code execution exploit with System privileges on Microsoft Exchange, and $175,000 for a Microsoft Edge sandbox escape. It also received $100,000 for exploiting Microsoft SharePoint. 

StarLabs SG won $200,000 for a VMware ESX exploit that included a cross-tenant code execution add-on. VMware was at the event and noted last week that Pwn2Own participants can earn up to $200,000 for ESX exploits.

The third-place team, Out Of Bounds, earned a total of $95,750.

Unsurprisingly, there were many successful attempts in the AI product category. Participants earned $40,000 rewards for hacking LiteLLM, OpenAI Codex, and LM Studio.

Cursor exploits earned $15,000 and $30,000, while an Ollama exploit earned researchers $28,000 (the exploit included a known vulnerability). $20,000 bounties were received by Pwn2Own participants for OpenAI Codex, Claude Code, LM Studio, NVIDIA Megatron Bridge, and Chroma vulnerabilities. 

Between $2,500 and $50,000 was earned for various exploits targeting Red Hat Linux, Windows 11, NVIDIA Megatron Bridge, and NVIDIA Container Toolkit.

There were eight failed attempts. They targeted Oracle Autonomous AI Database, NV Container Toolkit, OpenAI Codex, Safari, SharePoint, Red Hat Enterprise Linux for Workstations, Firefox, and VMware ESX.

International Cyber Digest reported that several teams were unable to sign up for Pwn2Own because all time slots were already taken. Some white hat hackers who could not register decided to disclose their findings directly to vendors, and some have begun publicly disclosing their exploits.  

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
