Microsoft Exchange, Windows 11 Hacked on Pwn2Own Day Two
On the second day of Pwn2Own Berlin 2026, researchers earned $385,750 by exploiting 15 zero-day vulnerabilities including successful attacks on Microsoft Exchange and Windows 11. The demonstrations underscore risks in enterprise and AI products while giving vendors 90 days to issue patches after public disclosure.

The Pwn2Own Berlin 2026 hacking competition takes place at the OffensiveCon conference from May 14 to May 16 and focuses on enterprise technologies and artificial intelligence. Security researchers can earn over $1,000,000 in cash and prizes by hacking fully patched products in categories including web browser, enterprise applications, cloud-native/container environments, virtualization, local privilege escalation, servers, local inference, and LLM.
According to the event rules, all targeted devices run the latest operating system versions and all entries must compromise the target to demonstrate arbitrary code execution. Vendors have 90 days to patch their software and hardware after the zero-days are disclosed at Pwn2Own.
The highlight of the second day was Cheng-Da Tsai, also known as Orange Tsai, of the DEVCORE Research Team earning $200,000 after chaining three bugs to gain remote code execution with SYSTEM privileges on Microsoft Exchange. Siyeon Wi collected $7,500 after exploiting an integer overflow bug to hack Windows 11.
Ben Koo of Team DDOS escalated privileges to root on Red Hat Enterprise Linux for Workstations to earn a $10,000 cash prize. 0xDACA and Noam Trobishi used a use-after-free bug to exploit the NVIDIA Container Toolkit. In the AI category, Le Duc Anh Vu of Viettel Cyber Security hacked the Cursor AI coding agent for $30,000, Sina Kheirkhah of Summoning Team demoed an OpenAI Codex zero-day for $20,000, and Compass Security exploited Cursor for $15,000.
On the first day, Orange Tsai earned another $175,000 after chaining 4 logic bugs for a Microsoft Edge sandbox escape. Valentina Palmiotti of IBM X-Force Offensive Research collected $20,000 for rooting Red Hat Linux for Workstations and $50,000 for an NVIDIA Container Toolkit zero-day. Windows 11 was hacked three times on day one by Angelboy and TwinkleStar03 working with the DEVCORE Internship Program, Kentaro Kawane of GMO Cybersecurity, and Marcin Wizowski, with each earning $30,000 for new privilege-escalation zero-days.
On the third day of Pwn2Own, hackers will target Microsoft Windows 11, VMware ESXi, Red Hat Enterprise Linux, Microsoft SharePoint, and several AI coding agents. Last year's Pwn2Own Berlin contest awarded $1,078,750 for 29 zero-day flaws and some bug collisions.
Expert Take: Enterprise teams running Exchange and Windows 11 should track these disclosures and prepare for patches within the stated 90-day vendor timeline to limit exposure in production environments.