Security Researchers Find 47 Zero-Days at Pwn2Own Berlin

News

Written by

Photo of Phil Muncaster

Phil Muncaster

UK / EMEA News Reporter, Infosecurity Magazine

Security researchers were awarded close to $1.3m after discovering 47 zero-day vulnerabilities at Pwn2Own Berlin.

The three-day event, held between May 14 and May 16 and sponsored by TrendAI’s Zero Day Initiative (ZDI), was won by the Devcore team, which claimed a massive $505,000 in prize money.

This edition of the long-running event had an enterprise focus, with AI databases, coding agents, local inferences and NVIDIA products all targeted by competing teams.

As always, newly discovered vulnerabilities will be responsibly disclosed to the relevant vendors to build into security updates. They have 90 days to release security patches before the ZDI publicly discloses them.

Read more on vulnerability management: Pwn2Own Offers $1m for Zero-Click WhatsApp Exploit.

Among the highlights of this year’s competition were:

  • Nguyen Hoang Thach of STARLabs SG used a memory corruption bug to exploit VMware ESXi with the cross-tenant code execution add-on, earning $200,000
  • “splitline” of Devcore Research Team chained two bugs to exploit Microsoft SharePoint, earning $100,000
  • Orange Tsai of Devcore Research Team chained three bugs to achieve remote code execution as system on Microsoft Exchange, earning $200,000
  • Devcore’s Orange Tsai chained four logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000

Pwn2Berlin 2026: An AI Focus

This year’s Berlin event, which was held at the OffensiveCon show, focused heavily on artificial intelligence again.

It featured AI databases such as Chroma, Postgres pgvector and Oracle Autonomous AI Database, as well as – for the first time – coding agents Cursor, Claude Code and OpenAI Codex.

“At some point or another, we’ve probably all vibe coded something. There’s no shame in that, but how secure are the tools we use for vibe coding?” said ZDI head of threat awareness, Dustin Childs.

“A successful entry must interact with a contestant-controlled resource (e.g. web page, repository, media file) to exploit a vulnerability within the coding agent. The attack vector of the entry must be a common coding agent use case.”

Many of the big names in the large language model (LLM) space were also present, including Ollama, LiteLLM, LM Studio, and Llama.cpp.

When it came to NVIDIA, competitors tried their luck at hacking the vendor’s Megatron Bridge, NV Container Toolkit, and Dynamo offerings.

You may also like

  1. NCSC Launches Vulnerability Research Institute to Boost UK Resilience

    News

  2. Driverless Cars - Have we Learned Lessons From the Past?

    Next-Gen

  3. The Hand that Rocks the IoT is the Hand that Rules the World

    Opinion

  4. The Connected World: ‘With Great Power Comes Great Responsibility’

    Opinion

  5. AI Companies to Play Bigger Role in CVE Program, Says CISA

    News

What’s Hot on Infosecurity Magazine?