On the second day of Pwn2Own Berlin 2026, security researchers showcased their elite hacking skills by exploiting 15 previously unknown zero-day vulnerabilities in widely used software. The competitors walked away with a combined cash prize of $385,750. Among the high-profile targets were Microsoft Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. This annual competition not only rewards talent but also helps vendors identify and patch critical flaws before malicious actors can exploit them. Below, we answer key questions about the day's events.
What were the major highlights from the second day of Pwn2Own Berlin 2026?
The second day proved even more intense than the first. Researchers from various teams successfully demonstrated 15 distinct zero-day exploits across multiple platforms. The most notable victims included the latest build of Windows 11, Microsoft Exchange Server, and Red Hat Enterprise Linux for Workstations. Each exploit required a deep understanding of system internals, memory management, or network protocols. The audience witnessed real-time hacks that could potentially grant attackers full system control, data exfiltration, or privilege escalation. The competition continues to serve as a proving ground for cutting-edge security research.
How much total prize money was awarded, and how was it distributed?
On day two, participants earned a collective $385,750 in cash awards. The distribution was based on the complexity and severity of each vulnerability. For example, a full chain exploit that compromised both a browser and the underlying operating system might net a higher payout than a single bug. Some of the top prizes went to those who exploited Windows 11 and Microsoft Exchange, reflecting the high value these targets hold in the cybersecurity community. The total prize pool for Pwn2Own Berlin 2026, across all days, is expected to exceed $1 million, further incentivizing participants to find and report critical flaws.
Which specific products were hacked, and what types of attacks were used?
The three major products targeted were Microsoft Windows 11, Microsoft Exchange Server, and Red Hat Enterprise Linux for Workstations. Hackers leveraged a variety of zero-day vulnerabilities, including race conditions, use-after-free flaws, and buffer overflows. For instance, one team demonstrated a remote code execution exploit against Exchange by chaining multiple bugs, while another gained kernel-level access on Windows 11 through a privilege escalation vulnerability. The Linux exploit focused on a desktop component to achieve sandbox escape. All attacks were performed against fully patched, default installations to prove their effectiveness.
Why are zero-day vulnerabilities considered so dangerous?
A zero-day vulnerability is a security flaw unknown to the software vendor and for which no patch exists at the time of discovery. This makes them extremely valuable to attackers because they can be used without fear of immediate detection. In the context of Pwn2Own, researchers must responsibly disclose these bugs to the vendors after the event, allowing fixes to be developed. However, in the wild, cybercriminals often stockpile zero-days to target high-value organizations. The competition highlights how even widely used platforms like Windows 11 and Exchange contain hidden flaws that require constant vigilance and rapid patching.
What is the significance of these demonstrations for everyday users?
For the average user, these demonstrations might seem like technical theater, but they have real-world impact. When researchers hack a product at Pwn2Own, the vendor is provided with detailed technical reports and is strongly encouraged to release security updates quickly. The findings often lead to immediate fixes in upcoming patch cycles. For example, past Pwn2Own exploits have resulted in critical updates for Windows and Exchange. Users who keep their systems updated are better protected. Moreover, the competition raises awareness about the importance of defense-in-depth strategies, such as enabling strong authentication and restricting unnecessary services.
How does Pwn2Own help improve global cybersecurity?
Pwn2Own serves as a positive force in the cybersecurity ecosystem. It brings together the world's top researchers in a controlled environment to find and fix vulnerabilities before criminals can exploit them. The prize money and prestige motivate participants to push the boundaries of exploitation techniques. From the event, vendors gain invaluable insights into their weakest points. The resulting patches not only protect the specific software but also set a higher security bar across the industry. Additionally, the competition fosters collaboration between researchers and vendors, leading to more robust products. In the long run, events like Pwn2Own reduce the attack surface for everyone—from home users to large enterprises.