Day 2 of Pwn2Own Berlin 2026 is live at OffensiveCon, and the targets are the biggest of the week. Competitors are attempting to exploit zero-days in Microsoft SharePoint, Microsoft Exchange, Windows 11, Apple Safari, Cursor, Red Hat Enterprise Linux for Workstations, LM Studio, OpenAI Codex, LiteLLM, Anthropic Claude Code and Mozilla Firefox.
Full chain, full pwnage
The biggest win came from Orange Tsai of the Taiwan-based DEVCORE Research Team, who chained three vulnerabilities to achieve remote code execution as SYSTEM on Microsoft Exchange. The exploit earned $200,000 and 20 Master of Pwn points, according to the Zero Day Initiative’s Day 2 results.
Victory proved elusive for some high-profile teams on Day 2. Tao Yan and Edouard Bochin of Palo Alto Networks could not get their Safari renderer exploit working within the time allotted, and Stephen Fewer of Rapid7 came up short on breaking Microsoft SharePoint.
Ben Koo (@kiddo_pwn) of Team DDOS used a use-after-free bug to escalate privileges on Red Hat Enterprise Linux for Workstations, earning $10,000.
Collisions, kills and a crowded AI attack surface
The AI category continued generating drama as researchers successfully exploited Cursor twice, along with OpenAI Codex, LM Studio and Ollama. Several attempts against Claude Desktop, NVIDIA Megatron Bridge and other AI targets resulted in collisions — meaning vendors had already identified or patched the reported flaws before disclosure.
That collision rate reinforced one of the contest’s emerging themes: AI products are rapidly becoming both high-volume targets and heavily researched attack surfaces.
Security Point Break previously reported that this year’s AI category submissions overwhelmed contest capacity, forcing organizers to reject qualified entries despite expanding the event’s AI footprint.
Dustin Childs, head of threat awareness for Trend Micro’s Zero Day Initiative, told SPB the organization was even using agentic AI internally to help triage submissions.
Orange Tsai doesn’t fuzz — he reads the architecture
The most closely watched team is DEVCORE and its powerhouse roster of researchers. Orange Tsai, the principal security researcher at DEVCORE and a core member of Taiwan’s CHROOT security group, is the reigning Master of Pwn from Pwn2Own Vancouver 2021 and Toronto 2022, has spoken at Black Hat USA and DEF CON five times each, and won the Pwnie Award for Best Server-Side Bug in both 2019 and 2021.
Tsai’s signature is logic-bug chaining — the same methodology behind ProxyShell, his 2021 Exchange remote code execution chain that ransomware operators weaponized within weeks of public disclosure.
From bootcamp to Pwn2Own: chompie’s second rodeo
Valentina Palmiotti of IBM X-Force Offensive Research collected $20,000 for rooting Red Hat Linux for Workstations and another $50,000 for a zero-day in the NVIDIA Container Toolkit on Day 1.
Palmiotti’s first Pwn2Own appearance was in 2024 in Vancouver — marking one of the first times a woman had won outright in the contest’s 17-year history, according to an IBM Security Intelligence Q&A. She now heads IBM’s X-Force Offensive Research (XOR) team, a small group focused on exploit development and vulnerability research across software, firmware and hardware, and recently received the Trailblazer Award from the Society of Women Engineers.
Summoning Team: first to pop AI, back for more
Another familiar name, Sina Kheirkhah of Summoning Team, has become one of the breakout figures in the contest’s AI era. ZDI credited Kheirkhah with the first successful AI-category exploit in Pwn2Own history at Berlin 2025.
ESXi or bust
Day 3 features STARLabs SG’s Nguyen Hoang Thach targeting VMware ESXi in the Virtualization category with a cross-tenant code execution add-on — worth up to $200,000 — per the ZDI schedule. Giuseppe Calì of Summoning Team will also target ESXi, each competing for $200,000 and 20 Master of Pwn points. A successful hypervisor escape would be the week’s most technically significant demonstration and could still swing the Master of Pwn standings.
The contest runs May 14-16, 2026, with Saturday the final day.
Master of Pwn — live standings
DEVCORE is the clear leader heading into Day 3. Its cumulative point total — built on Orange Tsai’s Edge sandbox escape, the Exchange RCE and the team’s Windows 11 escalations — dwarfs the field. If no single team scores a $200,000 ESXi sweep on Day 3, DEVCORE’s Master of Pwn title is effectively locked.
Source: Zero Day Initiative
Follow ZDI’s live coverage on X at @thezdi using #P2OBerlin. SPB will update with Day 3 results and a final wrap when the Master of Pwn title is awarded Saturday.