At Pwn2Own Berlin 2026, hackers push enterprises to the limit and earn $1.3 million


A popular hackathon, Pwn2Own Berlin 2026, has just ended, and its participants earned a total of roughly $1.3 million for exploits targeting Windows, Nvidia, Linux, VMware, and AI products.

According to TrendAI’s Zero Day Initiative (ZDI), white hat hackers have been awarded $1,298,250 for 47 unique vulnerabilities.

“Security researchers delivered their final exploits, pushing enterprise systems to the limit one last time as the race for Master of Pwn came to a close,” said the organizers.

Two teams, Devcore and StarLabs SG, won nearly $750,000 of the total amount. Each of them also received the highest payouts for a single exploit chain.

Devcore received $200,000 for a remote code-execution exploit with System privileges in Microsoft Exchange and $175,000 for a Microsoft Edge sandbox escape. It also received $100,000 for exploiting Microsoft SharePoint.

StarLabs SG won $200,000 for a VMware ESX exploit that included a cross-tenant code execution add-on. The third-place team, Out Of Bounds, received a total of $95,750 for various exploits.

Many participants successfully hacked AI products, earning $40,000 for finding ways into LiteLLM, OpenAI Codex, and LM Studio.

Eight failed attempts targeted Oracle Autonomous AI Database, NV Container Toolkit, OpenAI Codex, Safari, SharePoint, Red Hat Enterprise Linux for Workstations, Firefox, and VMware ESX.

There were hiccups, though. As reported by International Cyber Digest, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots.

The rejected hackers were going public with PoC demos and direct vendor disclosures, breaking with Pwn2Own's usual secrecy.

ZDI was created in 2005 to encourage the private reporting of zero-day vulnerabilities to affected vendors by financially rewarding researchers.

At the time, some in the information security industry perceived those who found vulnerabilities as malicious hackers looking to do harm.

“Some still feel that way. While skilled, malicious attackers do exist, they remain a small minority of the total number of people who actually discover new flaws in software,” the organizers insist.

