Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026

On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique zero-days.

Today's highlight was the attempt of Cheng-Da Tsai (also known as Orange Tsai) of DEVCORE Research Team, who was awarded $175,000 in rewards after chaining 4 logic bugs to achieve a sandbox escape on Microsoft Edge.

Windows 11 was also hacked three times by Angelboy and TwinkleStar03 (working with the DEVCORE Internship Program), Marcin Wiązowski, and Kentaro Kawane of GMO Cybersecurity, each earning $30,000 in cash rewards for demonstrating new privilege escalation zero-days.

Valentina Palmiotti (chompie) of IBM X-Force Offensive Research (XOR) also collected $20,000 after rooting Red Hat Linux for Workstations and another $50,000 for a zero-day in the NVIDIA Container Toolkit.

Other successful attempts include k3vg3n chaining 3 bugs to take down LiteLLM ($40,000), Satoki Tsuji and haehae exploiting NVIDIA Megatron Bridge zero-days ($20,000), Compass Security and maitai of Doyensec hacking OpenAI's Codex coding agent (each earning $40,000), haehae dropping a Chroma zero-day ($20,000), and STARLabs SG a LM Studio zero-day ($40,000).

Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026

Other newsrooms on this story

Related reading

Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own

Other newsrooms on this story

Related reading

Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own

Microsoft Windows 11 Exploited 3 Times In 24 Hours By Zero-Day Hackers

Microsoft Windows Alert—Angry Hacker Drops 2 New Zero-Day Exploits

Microsoft patch fell short. New Windows flaw exploited

'CopyFail' attackers start cashing in on Linux flaw

New Microsoft Alert — Update Windows 10 And 11 Now, Attacks Underway