Pwn2Own Berlin 2026 - Day One Results

Welcome to Day One of Pwn2Own Berlin 2026! 🎉

Today, 22 entries took the Pwn2Own stage to target AI Databases, Coding Agents, Local Inferences, and a separate category for NVIDIA products. The world’s top security researchers are pushing technology to its limits, with exploits, surprises, and breakthrough discoveries unfolding. After Day One, we awarded $523,000 for 24 unique 0-days! DEVCORE is currently in the lead for Master of Pwn, but a pack of teams is right on their heels.

Highlights of the Day:

  • Orange Tsai of DEVCORE Research Team chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000 and 17.5 Master of Pwn points.
  • Angelboy & TwinkleStar03 of DEVCORE used an Improper Access Control bug to escalate privileges on Microsoft Windows 11, earning $30,000 and 3 Master of Pwn points.
  • Marcin Wiązowski exploited a heap-based buffer overflow on Microsoft Windows 11, earning $15,000 and 3 Master of Pwn points.
  • Chompie of IBM X-Force Offensive Research (XOR) used a race condition to escalate privileges on Red Hat Enterprise Linux for Workstations, earning $20,000.

AI and Coding Agent Targets:

  • k3vg3n chained 3 bugs including SSRF and Code Injection to take down LiteLLM, earning $40,000 and 4 Master of Pwn points.
  • Emanuele Barbeno and team exploited OpenAI Codex with a single CWE-150 bug, earning $40,000 and 4 Master of Pwn points.
  • Billy, Pan Zhenpeng & Weiming Shi of STARLabs SG chained 5 bugs to exploit LM Studio, earning $40,000 and 4 Master of Pwn points.
  • haehae of Out Of Bounds exploited Chroma, earning $20,000 and 2 Master of Pwn points.

NVIDIA Category:

  • Chompie of IBM X-Force exploited NV Container Toolkit, earning $50,000 and 5 Master of Pwn points.
  • Satoki Tsuji of Ikotas Labs, Inc. exploited NVIDIA Megatron Bridge, earning $20,000 and 2 Master of Pwn points.
  • Yoseop Kim exploited NVIDIA Megatron Bridge in the second round, earning $10,000 and 2 Master of Pwn points.

Although successful on stage, the Ikotas Labs, Inc. team targeting LiteLLM in the Local Inference category used bugs that were previously known, earning $8,000. Similarly, maitai of Doyensec targeting OpenAI Codex earned $10,000, and rewhiles of Viettel Cyber Security targeting Anthropic Claude Code earned $20,000.

This post is licensed under CC BY 4.0 by the author.