Pwn2Own Berlin 2026, Day One: $523,000 paid out, AI products fall
Pwn2Own Berlin 2026, Day One: $523,000 paid out, AI products fall
Publish Date: 2026-05-15 01:27:00
Source Domain: securityaffairs.com
Pwn2Own Berlin 2026, Day One: $523,000 paid out, AI products fall
Pierluigi Paganini
May 15, 2026
Pwn2Own Berlin 2026 day one saw 22 entries and 24 zero-days across major software, with researchers earning $523,000 in total rewards.
Day one of Pwn2Own Berlin 2026 featured 22 entries targeting widely used technologies, including browsers, operating systems, AI platforms, and NVIDIA infrastructure. By the end of the day, researchers demonstrated 24 unique zero-day vulnerabilities and earned a total of $523,000 in rewards, highlighting ongoing security risks across major enterprise and consumer software ecosystems.
Orange Tsai of the DEVCORE Research Team made the headlines; he chained four separate logic bugs to escape the Microsoft Edge sandbox, a technically demanding achievement that earned him $175,000 and 17.5 Master of Pwn points in a single attempt. It was the kind of result that reminds you why this competition exists: not to embarrass vendors, but to surface flaws in controlled conditions before someone with worse intentions finds them first.
“Orange Tsai (@orange_8361) of DEVCORE Research Team (@d3vc0r3) chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000 and 17.5 Master of Pwn points.” reads the post by Zero Day Initiative.
That’s my chain — a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all 😉 https://t.co/Rv0AgeRgEJ
— Orange Tsai 🍊 (@orange_8361) May 14, 2026
Windows 11 was successfully exploited three times during the day: by Angelboy and TwinkleStar03 of the DEVCORE Internship Program, by Marcin Wiązowski, and by Kentaro Kawane of GMO Cybersecurity. Each demonstrated a distinct privilege-escalation zero-day on a fully patched system, earning $30,000 apiece. Three different researchers, three different bugs, one operating system. That pattern alone is worth…
