Pwn2Own Berlin Finale: DEVCORE Wins Master of Pwn, 47 Zero-Days Fall
DEVCORE claims Master of Pwn with $505K across three days. VMware ESXi and SharePoint exploits highlight Day 3 as Pwn2Own Berlin 2026 awards $1.29M total.
Pwn2Own Berlin 2026 concluded with DEVCORE Research Team claiming the Master of Pwn title after three days of competition that saw 47 unique zero-day vulnerabilities demonstrated across enterprise software, AI platforms, and virtualization infrastructure. The final tally reached $1,298,250 in awards.
This wraps up our coverage of the event, following Day One's 24 zero-days and Day Two's Exchange Server chain that earned Orange Tsai $200,000.
Day Three Results
The final day added eight more zero-days worth $389,500, bringing the three-day total to 47 unique vulnerabilities. According to the Zero Day Initiative's official results:
| Target | Researcher | Vulnerability | Prize |
|---|---|---|---|
| VMware ESXi | Nguyen Hoang Thach (STARLabs SG) | Memory corruption + cross-tenant escape | $200,000 |
| Microsoft SharePoint | splitline (DEVCORE) | 2-bug chain | $100,000 |
| Windows 11 | Multiple researchers | Privilege escalation | $15,000 |
| Red Hat Enterprise Linux | Multiple researchers | Root privilege escalation | $10,000 |
The VMware ESXi exploit stood out as the contest's second-highest single payout. Nguyen Hoang Thach demonstrated a memory corruption vulnerability that achieved cross-tenant code execution—the add-on that bumped his reward from $150,000 to $200,000. Cross-tenant escapes represent the nightmare scenario for cloud providers running multi-tenant VMware infrastructure.
Master of Pwn Standings
DEVCORE dominated the competition with 50.5 Master of Pwn points and $505,000 in total rewards:
| Rank | Team | Points | Earnings |
|---|---|---|---|
| 1 | DEVCORE | 50.5 | $505,000 |
| 2 | STARLabs SG | 25 | $242,500 |
| 3 | Out Of Bounds | 12.75 | $95,750 |
Orange Tsai's Day Two Microsoft Exchange chain ($200,000), combined with teammate splitline's SharePoint exploit ($100,000) and their Edge sandbox escape ($175,000 on Day One), secured the championship for DEVCORE.
The Capacity Crisis Nobody Saw Coming
For the first time in 19 years, Pwn2Own hit maximum capacity. ZDI closed registration on May 7, a week before the May 14 start date, because they simply couldn't process more entries within the event timeline.
The bottleneck comes from Pwn2Own's live demonstration requirement. Every exploit chain must be tested on-site with judges present, and each attempt gets a 30-minute window. With AI-assisted exploit development accelerating the discovery pace, researchers submitted entries faster than the schedule could accommodate.
The capacity crunch created collateral damage. Research group xchglabs reportedly had 86 vulnerabilities ready for targets including NVIDIA, Docker, Linux KVM, and PyTorch. Unable to compete, they announced plans to report directly to vendors and publish details as patches ship—a "revenge disclosure" wave that could drop dozens of zero-days over the coming weeks.
What Gets Patched Next
All 47 demonstrated vulnerabilities enter a 90-day coordinated disclosure window. Vendors now have that timeline to ship patches before ZDI publishes technical details.
The high-priority targets for security teams to watch:
- Microsoft Exchange Server - Orange Tsai's 3-bug RCE chain (Day Two) adds to the CVE-2026-42897 zero-day already under active exploitation
- Microsoft SharePoint - splitline's 2-bug chain demonstrated server-side code execution
- VMware ESXi - Cross-tenant escape affects any organization running multi-tenant virtual infrastructure
- Microsoft Edge - Sandbox escape bypasses Chromium's primary security boundary
- AI platforms - Multiple vulnerabilities in LiteLLM, Cursor, LM Studio, and OpenAI Codex
AI Platforms: The Soft Targets
Building on the Day One and Day Two results, AI development tools proved consistently exploitable. Code injection, insufficient sandboxing, and trust boundary violations recurred throughout the AI category, which debuted at Pwn2Own Berlin in 2025.
Organizations deploying AI coding assistants should treat these tools as part of their attack surface until the demonstrated vulnerabilities are patched. Cursor fell twice to different research teams, which points to recurring rather than isolated security issues.
The Bigger Picture
Pwn2Own Berlin 2026 exposed vulnerabilities in foundational enterprise infrastructure: Exchange, SharePoint, ESXi, Windows, and the emerging AI development toolchain. The 47 zero-days represent what skilled researchers can find with focused effort—and what motivated attackers are likely also discovering.
For deeper context on how nation-state actors and criminal groups operationalize these same vulnerability classes, see our recommended cybersecurity reading.
Related Articles
Pwn2Own Berlin Day 2: Exchange RCE Chain Earns $200K, 15 Zero-Days Fall
Day two of Pwn2Own Berlin 2026 yields 15 new zero-days worth $385,750. Orange Tsai chains three bugs for SYSTEM-level Exchange RCE, earning the event's largest payout.
May 16, 2026

24 Zero-Days Fall on Day One of Pwn2Own Berlin 2026
Security researchers exploited Windows 11, Microsoft Edge, Red Hat Linux, and multiple AI platforms on the first day of Pwn2Own Berlin 2026, earning $523,000 for 24 unique zero-day vulnerabilities.
May 14, 2026

Pwn2Own Automotive 2026 Ends With 76 Zero-Days, $1M+ Awarded
Fuzzware.io claims Master of Pwn at Tokyo competition after researchers demonstrate record-breaking exploits against Tesla, EV chargers, and infotainment systems.
Jan 23, 2026

Pwn2Own Automotive 2026 Day Two: 66 Zero-Days, $955K in Prizes
Researchers demonstrated 29 new zero-day exploits on Day Two at Pwn2Own Automotive in Tokyo, targeting EV chargers, infotainment systems, and Automotive Grade Linux.
Jan 22, 2026