Researchers Exploit Microsoft Edge And Windows 11 At Pwn2Own Berlin 2026

24 zero-day exploits were demonstrated on day one


Pwn2Own Berlin 2026 opened with a major day for security researchers, awarding more than $523,000 after 24 unique zero-day vulnerabilities were demonstrated across browsers, operating systems, Linux systems, AI tools, and developer infrastructure.

The first day also showed how quickly AI infrastructure has become a major target, with researchers successfully compromising tools used for coding agents, LLM workflows, and local AI development.

Orange Tsai Lands The Biggest Win

As Bleeping Computer writes, the largest payout of the day went to security researcher Orange Tsai, who earned $175,000 after chaining four logic bugs to escape the sandbox in Microsoft Edge.

The exploit highlighted how multiple smaller flaws can combine into a much more dangerous attack chain. Browser sandbox escapes remain critical because browsers depend on isolation to contain attacks.

Windows 11 Compromised Three Times

Windows 11 was successfully hacked three separate times during the first day of the competition.

Researchers Angelboy and TwinkleStar03, Marcin Wiązowski, and Kentaro Kawane each earned $30,000 for privilege escalation zero-days. These vulnerabilities can allow attackers to gain deeper system access after initial compromise.

Linux And NVIDIA Container Toolkit Targeted

Valentina Palmiotti from IBM X-Force Offensive Research earned $20,000 for rooting Red Hat Enterprise Linux for Workstations.

She also earned another $50,000 for a successful NVIDIA Container Toolkit exploit, showing increased focus on container security and AI-related infrastructure.

AI And LLM Platforms Under Attack

Several AI and LLM-related targets were compromised during the first day.

LiteLLM was exploited through chained vulnerabilities for a $40,000 reward. OpenAI Codex was hacked by Compass Security and Doyensec researcher maitai, with both receiving $40,000 rewards.

LM Studio was also compromised by STARLabs SG for another $40,000 payout. Anthropic Claude Code remains scheduled as a target later in the event.

DEVCORE Leads The Competition

The DEVCORE Research Team currently leads Pwn2Own Berlin 2026 with $205,000 in rewards.

Valentina Palmiotti follows with $70,000 after successful attacks against Red Hat Enterprise Linux and NVIDIA Container Toolkit.

Why Pwn2Own Matters

Pwn2Own requires researchers to attack fully patched systems running the latest software versions.

Researchers must demonstrate real exploit chains, arbitrary code execution, sandbox escapes, or privilege escalation attacks under strict competition rules.

After successful demonstrations, vendors typically receive 90 days to patch the vulnerabilities before public disclosure.

AI Security Is Becoming A Major Concern

One major takeaway from Pwn2Own Berlin 2026 is how aggressively researchers are targeting AI infrastructure.

Coding agents, local inference tools, LLM integrations, and AI supply-chain components are becoming increasingly attractive targets as organizations integrate AI deeper into development workflows.

The event also arrives during a broader rise in AI-related security incidents. OpenAI recently confirmed employee devices were breached, while attackers have been abusing Microsoft Teams chats to deploy ModeloRAT malware inside corporate networks.
