On the second day of the Pwn2Own Berlin 2026 hacking competition, security researchers earned $385,750 for disclosing 15 zero-day vulnerabilities in major enterprise products. The most significant exploit was a remote code execution on a fully patched Microsoft Exchange Server, which earned one research team a $200,000 prize.
Other successful exploits on day two of the event, which focuses on enterprise and AI technologies, included privilege escalation on Microsoft Windows 11 and Red Hat Enterprise Linux for Workstations. Over the first two days of the competition, a total of $908,750 was awarded for 39 unique vulnerabilities. Vendors like Microsoft have 90 days to release patches for the discovered flaws before they are publicly detailed.