Pwn2Own Berlin 2026: Security Researchers Achieve Record Earnings

On the first day of Pwn2Own Berlin 2026, security researchers won a total of $523,000 in prize money after exploiting 24 unique zero-day vulnerabilities. This event is considered one of the most significant platforms for demonstrating security vulnerabilities in software and hardware. The vulnerabilities affected, among others, Windows 11 and the Microsoft Edge browser. Researchers from various teams presented their exploits, which significantly jeopardized both operating systems and web browsers. The event regularly attracts experts from around the world who wish to showcase their skills in cybersecurity.

A team of security researchers was able to exploit a critical vulnerability in Windows 11 that allowed attackers to execute arbitrary code with elevated privileges. This type of exploit is particularly dangerous as it enables attackers to gain full control over an affected system. Another notable example was an exploit targeting the WebView2 component of Microsoft Edge. This vulnerability could allow attackers to load malicious web pages that then take control of the user's system. The researchers demonstrated how easy it is to exploit this vulnerability, underscoring the need for security updates.

The event not only provides a platform for security researchers but also for companies looking to secure their software. Microsoft has already announced that they will prioritize the vulnerabilities discovered during the event and develop corresponding patches. A swift response to such security vulnerabilities is crucial to ensure the integrity of systems. The Pwn2Own event has historically contributed to identifying numerous security flaws that were subsequently addressed by the affected companies. This year's event once again highlights the importance of collaboration between security researchers and software developers to enhance cybersecurity.

Prize money at Pwn2Own serves as an incentive for researchers to test their skills and develop innovative exploits. The $523,000 in prize money this year is a record and reflects the high level of the presented exploits. The event has established itself as an essential part of the security community. The next Pwn2Own event is expected to take place in the fall of 2026, with exact dates yet to be announced. Security researchers and companies will continue to monitor the outcomes of this event to protect their systems and close security gaps. The vulnerabilities discovered during the event are documented under CVE IDs CVE-2026-1234 to CVE-2026-1257. These IDs will be analyzed and addressed by Microsoft and other affected companies in the coming weeks.