Pwn2Own Berlin 2026 Wrap: ESXi, DEVCORE Wins $1.3M Total

Pwn2Own Berlin 2026 wrapped with $1,298,250 paid for 47 working zero-days across three days. DEVCORE took Master of Pwn; VMware ESXi fell on Day 3. Day three paid out $389,500 for eight more zero-days. The headline target was VMware ESXi: Nguyen Hoang Thach of STARLabs SG used a memory corruption bug to break out of a guest VM, land code on the ESXi host, and from there into a separate tenant's VM on the same physical box — a "Cross-tenant Code Execution" demonstration that earned $200,000, the biggest single payout of Day 3. Microsoft SharePoint also fell on Day 3 after surviving Day 2: splitline of DEVCORE chained two bugs against it for $100,000. Windows 11 cracked one more time to a Viettel Cyber Security team using an integer overflow privilege escalation for $7,500. Red Hat Enterprise Linux for Workstations fell twice more, bringing the contest's total Linux root demos to three. The AI category took more hits: OpenAI Codex fell a third time, and two separate teams pointed exploits at Anthropic Claude Code — both hit bugs that ZDI already knew about, each earning a $20,000 partial payout. Final Master of Pwn standings: DEVCORE in first with $505,000 on 50.5 points, more than double second place. STARLabs SG took second with $242,500, and Out Of Bounds finished third on $95,750. The DEVCORE lead came mostly from two big wins by their researcher Orange Tsai: the $175,000 Edge sandbox escape on Day 1 and a $200,000 Exchange Server takeover on Day 2. Across the full three-day contest, products fell in every AI subcategory: LiteLLM, OpenAI Codex, LM Studio, Chroma, NVIDIA's Megatron Bridge, Cursor, Anthropic's Claude Desktop, and Claude Code. The 90-day ZDI disclosure clock is now running on all 47 disclosed bugs. Sources: https://www.thezdi.com/blog/2026/5/16/pwn2own-berlin-2026-day-three-results-and-master-of-pwn https://www.bleepingcomputer.com/news/security/hackers-earn-1-298-250-for-47-zero-days-at-pwn2own-berlin-2026/ More on cybersecurity, privacy, scams, and homelab on Hake Hardware. New shorts every weekday. #cybersecurity #pwn2own #zeroday