Windows 11 and Microsoft Edge Hacked at Pwn2Own Berlin 2026

Security researchers earned a total of $523,000 in cash awards on the opening day of Pwn2Own Berlin 2026 by exploiting 24 unique zero-day vulnerabilities. The event focuses on enterprise technologies and artificial intelligence and runs from May 14 to May 16 at the OffensiveCon conference.

One of the most notable achievements involved Cheng-Da Tsai, also known as Orange Tsai, from the DEVCORE Research Team. Tsai chained four logic bugs to escape the sandbox environment of Microsoft Edge, earning a $175,000 reward. This exploit demonstrated a critical bypass of security measures designed to isolate web processes, highlighting ongoing challenges in browser security.

Windows 11 was compromised three separate times by different teams, each demonstrating new privilege escalation zero-days. Angelboy and TwinkleStar03, who are affiliated with the DEVCORE Internship Program, Marcin Wiązowski, and Kentaro Kawane from GMO Cybersecurity, each received $30,000 for their successful exploits. These privilege escalation vulnerabilities allow attackers to gain higher system permissions, which could lead to full system control if exploited outside the controlled environment of the contest.

Other significant exploits included Valentina Palmiotti (chompie) from IBM X-Force Offensive Research (XOR), who rooted Red Hat Linux for Workstations and also uncovered a zero-day in the NVIDIA Container Toolkit. Palmiotti earned $20,000 and $50,000 respectively for these discoveries. The NVIDIA Container Toolkit vulnerability is particularly relevant given the increasing use of containerized environments in enterprise settings.

Additional successful attacks targeted a range of software and platforms. Researcher k3vg3n chained three bugs to compromise LiteLLM, a lightweight large language model, receiving $40,000. Satoki Tsuji and haehae exploited zero-days in the NVIDIA Megatron Bridge, earning $20,000. Compass Security and maita from Doyensec hacked OpenAI’s Codex coding agent, each earning $40,000. Other zero-days were found in Chroma and STARLabs SG a LM Studio, with rewards of $20,000 and $40,000 respectively.

After the first day, the DEVCORE Research Team leads the competition with $205,000 in total rewards, followed by Valentina Palmiotti with $70,000. The contest continues with plans to target additional software on the second day, including Microsoft SharePoint, Microsoft Exchange, Apple Safari, Cursor, Red Hat Enterprise Linux for Workstations, LM Studio, Anthropic Claude Code, and Mozilla Firefox.

The Pwn2Own Berlin competition requires all targeted devices to run the latest operating system versions. Participants must demonstrate arbitrary code execution on fully patched products, proving the existence and exploitability of zero-day vulnerabilities. Vendors then have 90 days to issue security patches after disclosure, providing a structured timeline for remediation.

Windows 11 Hack Techniques at Pwn2Own Berlin 2026

The Windows 11 hacks at Pwn2Own Berlin 2026 primarily involved privilege escalation vulnerabilities. These flaws allow attackers to increase their access level on a target system, bypassing standard security controls. Exploiting such vulnerabilities in Windows 11 is especially significant because the operating system incorporates multiple layers of security, including sandboxing, virtualization-based security, and hardware-enforced protections.

The researchers demonstrated that even with these defenses, carefully chained exploits could escalate privileges and escape sandbox environments. This capability is critical for attackers aiming to move from limited user accounts to full administrative control. The exploits discovered during the contest will inform Microsoft’s upcoming security updates.

Mitigation and User Recommendations

Users and organizations running Windows 11 should ensure their systems are fully updated with the latest security patches from Microsoft. Given the nature of privilege escalation vulnerabilities, attackers often require initial access to a system before exploiting these flaws. Maintaining strong perimeter defenses, using endpoint protection, and following the principle of least privilege can reduce the risk of exploitation.

Additionally, using reputable anti-malware solutions can help detect and block suspicious activity related to exploit attempts. Malwarebytes offers comprehensive protection against various threats and can be a useful tool in a layered security strategy. Users can find more about Malwarebytes here.

Enterprises should monitor security advisories closely and apply patches promptly once vendors release fixes. Network segmentation, multi-factor authentication, and continuous monitoring also contribute to limiting the impact of potential intrusions.

Context Within the Security Industry

Pwn2Own Berlin 2026 continues to be a key event for revealing vulnerabilities in widely used software and hardware. The $1 million-plus prize pool incentivizes researchers to uncover zero-days in enterprise and AI technologies, accelerating the identification and remediation of critical security issues.

The competition’s focus on fully patched systems ensures that vulnerabilities found are not already known or addressed, making the findings highly relevant for real-world security. Following the contest, vendors typically issue patches within the 90-day disclosure window, helping to improve the security posture of millions of users globally.

Windows 11, as Microsoft’s latest desktop operating system, remains a primary target for attackers and researchers alike. The exploits demonstrated at Pwn2Own Berlin emphasize the ongoing need for vigilance and rapid response to emerging threats in modern operating systems.