Microsoft Exchange, Windows 11, and Cursor zero-days hit Pwn2Own Berlin Day 2
Pwn2Own Berlin 2026 Day 2 delivered several major zero-day demonstrations, including a Microsoft Exchange remote code execution exploit, a Windows 11 privilege escalation bug, and two successful attacks against the Cursor AI coding tool.
The second day added $385,750 in rewards for 15 unique zero-day vulnerabilities. That pushed the event total at the time to $908,750 for 39 unique bugs, with DEVCORE leading the Master of Pwn race.
The biggest result came from Orange Tsai of DEVCORE Research Team, who chained three bugs to achieve remote code execution as SYSTEM on Microsoft Exchange. The exploit earned $200,000 and 20 Master of Pwn points.
Microsoft Exchange was the biggest target on Day 2
The Microsoft Exchange exploit stood out because of the target and the privilege level reached. Exchange servers sit close to the center of many enterprise networks, handling email, authentication flows, calendars, and internal communication.
A remote code execution bug with SYSTEM privileges gives an attacker a powerful foothold. In a real attack, that could support email theft, internal phishing, credential access, or further movement across a network.
Pwn2Own exploits happen in a controlled contest environment, not against live customers. Still, vendors receive the vulnerability details after the event, which gives them time to prepare fixes before public disclosure.
| Day 2 target | Researcher or team | Result | Reward |
|---|---|---|---|
| Microsoft Exchange | Orange Tsai of DEVCORE | RCE as SYSTEM using three bugs | $200,000 |
| Windows 11 | Siyeon Wi | Privilege escalation via integer overflow | $7,500 |
| Red Hat Enterprise Linux | Ben Koo of Team DDOS | Root privilege escalation via use-after-free | $10,000 |
| Cursor | Le Duc Anh Vu of Viettel Cyber Security | Successful exploit | $30,000 |
| Cursor | Compass Security | Second successful Cursor exploit | $15,000 |
| OpenAI Codex | Sina Kheirkhah of Summoning Team | Successful exploit | $20,000 |
| LM Studio | OtterSec | Code injection exploit | $20,000 |
Windows 11 and Linux bugs show local escalation risk
Windows 11 also fell on Day 2. Siyeon Wi used an integer overflow bug to escalate privileges on Microsoft’s operating system, earning $7,500 and 3 Master of Pwn points.
Local privilege escalation bugs often look less dramatic than remote server exploits, but they remain important. Attackers can combine them with phishing, malware, browser bugs, or stolen credentials to move from limited access to deeper system control.
Red Hat Enterprise Linux for Workstations was also exploited. Ben Koo of Team DDOS used a use-after-free bug to escalate privileges to root, earning $10,000 and 1 Master of Pwn point.
AI coding tools became major Pwn2Own targets
Day 2 also showed how quickly AI developer tools have become part of the security attack surface. Cursor was exploited twice by different teams, while OpenAI Codex, LM Studio, Ollama, LiteLLM, and Claude Desktop also appeared in the results.

Le Duc Anh Vu of Viettel Cyber Security earned $30,000 for exploiting Cursor. Later, researchers from Compass Security also exploited Cursor in a second-round attempt, earning $15,000.
OpenAI Codex was exploited by Sina Kheirkhah of Summoning Team for $20,000. OtterSec also used a code injection bug against LM Studio, while other AI-related attempts ended as collisions because the demonstrated bug was already known.
- Cursor was successfully exploited twice on Day 2.
- OpenAI Codex was successfully exploited in the Coding Agent category.
- LM Studio was hit with a code injection exploit.
- Ollama and LiteLLM attempts produced collision results.
- Claude Desktop also produced a collision result.
Some attempts failed or collided
Not every Day 2 attempt worked. Apple Safari, Microsoft SharePoint, Mozilla Firefox, and one Red Hat Enterprise Linux attempt failed during the allotted time.
Several entries also ended as collisions. In Pwn2Own terms, a collision means the researcher demonstrated a working exploit, but the bug overlapped with a vulnerability already known to the organizer or vendor.
Those results still matter because they show where independent researchers are finding the same weak spots. They also help vendors understand which bug classes attract repeated attention.
Final Pwn2Own Berlin 2026 results are now known
Pwn2Own Berlin ended on May 16 with $1,298,250 awarded for 47 unique zero-day vulnerabilities across three days. DEVCORE won Master of Pwn with 50.5 points and $505,000 in rewards.
STARLabs SG finished second with 25 points and $242,500, while Out Of Bounds finished third with 12.75 points and $95,750.
The final day added more successful demonstrations, including a Microsoft SharePoint exploit by DEVCORE and a VMware ESXi memory corruption exploit by STARLabs SG. That helped push the contest total close to $1.3 million.
Why these Pwn2Own results matter
Pwn2Own gives vendors a controlled look at vulnerabilities before full public disclosure. That reduces the chance of surprise exploitation and gives defenders a clearer view of where attackers may focus next.
The Day 2 results point to three major risk areas. Enterprise servers remain high-value targets, operating systems still face privilege escalation pressure, and AI-powered development tools now need the same security attention as traditional developer platforms.
For IT teams, the practical lesson is simple. Patch quickly when vendors release fixes, restrict access to critical services, and treat developer tools as part of the security perimeter.
- Prioritize patching for Exchange, SharePoint, Windows, Linux, and virtualization systems.
- Limit who can access enterprise email and collaboration servers from the internet.
- Monitor AI coding tools and local inference tools used by developers.
- Apply least-privilege rules across developer workstations and build systems.
- Review logs for suspicious privilege escalation or unusual service behavior.
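The last two checklist items, least privilege on developer machines and reviewing logs for privilege escalation or unusual service behaviour, are the ones a detection engineer can turn directly into code. The script below is an added example and is not from the article or from any contest entry. It runs two simple rules over constructed Windows event records: a shell launched as SYSTEM by a parent that should not be spawning one (an IIS worker process such as the one hosting Exchange or SharePoint, an office application, or a code editor), and a newly installed service whose binary sits outside the usual system directories. Event IDs 4688 (process creation) and 7045 (service installed) are real Windows identifiers; the hostnames, account names, paths, and the parent and shell lists are assumptions chosen for the example and should be tuned to the environment.

```python
"""Triage constructed Windows event records for the two patterns the checklist
names: suspicious privilege escalation (4688) and unusual service installs (7045).
All sample data is constructed for this example; field names follow the
Windows event XML names (NewProcessName, ParentProcessName, SubjectUserName,
ServiceName, ImagePath)."""
import json

# Parents that should not normally start a SYSTEM shell (assumed list):
# w3wp.exe hosts IIS web apps such as Exchange and SharePoint front ends,
# the rest are user-facing applications.
SUSPICIOUS_PARENTS = {"w3wp.exe", "winword.exe", "excel.exe", "outlook.exe",
                      "cursor.exe", "code.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
          "cscript.exe", "rundll32.exe"}
# Directories where a legitimately installed service binary is expected.
TRUSTED_SERVICE_DIRS = ("c:\\windows\\", "c:\\program files\\",
                        "c:\\program files (x86)\\")


def basename(path):
    """Return the lowercase file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_system_account(name):
    """SYSTEM appears as 'SYSTEM' or as the machine account 'HOST$' in 4688 events."""
    return name.upper() == "SYSTEM" or name.endswith("$")


def service_image(image_path):
    """Strip arguments from an ImagePath, honouring a quoted executable path."""
    p = image_path.strip()
    if p.startswith('"'):
        return p[1:p.find('"', 1)]
    return p.split(" ", 1)[0]


def check_process_creation(ev):
    if ev.get("EventID") != 4688:
        return None
    child = basename(ev.get("NewProcessName", ""))
    parent = basename(ev.get("ParentProcessName", ""))
    user = ev.get("SubjectUserName", "")
    if child in SHELLS and parent in SUSPICIOUS_PARENTS and is_system_account(user):
        return (f"possible privilege escalation on {ev.get('Computer')}: "
                f"{parent} launched {child} as {user}")
    return None


def check_service_install(ev):
    if ev.get("EventID") != 7045:
        return None
    image = service_image(ev.get("ImagePath", "")).lower()
    if not image.startswith(TRUSTED_SERVICE_DIRS):
        return (f"unusual service on {ev.get('Computer')}: "
                f"{ev.get('ServiceName')} installed from {ev.get('ImagePath')}")
    return None


def triage(records):
    """Run every rule over each JSON record and return the list of findings."""
    findings = []
    for line in records:
        ev = json.loads(line)
        for check in (check_process_creation, check_service_install):
            finding = check(ev)
            if finding:
                findings.append(finding)
    return findings


# Constructed sample records: two should trigger, four should stay quiet.
SAMPLE_LOG = [
    '{"EventID": 4688, "Computer": "WS01", "SubjectUserName": "alice", "ParentProcessName": "C:\\\\Windows\\\\explorer.exe", "NewProcessName": "C:\\\\Windows\\\\System32\\\\cmd.exe"}',
    '{"EventID": 4688, "Computer": "EXCH01", "SubjectUserName": "EXCH01$", "ParentProcessName": "C:\\\\Windows\\\\System32\\\\inetsrv\\\\w3wp.exe", "NewProcessName": "C:\\\\Windows\\\\System32\\\\cmd.exe"}',
    '{"EventID": 4688, "Computer": "DEV02", "SubjectUserName": "dev", "ParentProcessName": "C:\\\\Users\\\\dev\\\\AppData\\\\Local\\\\Programs\\\\cursor\\\\Cursor.exe", "NewProcessName": "C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe"}',
    '{"EventID": 4688, "Computer": "WS01", "SubjectUserName": "WS01$", "ParentProcessName": "C:\\\\Windows\\\\System32\\\\svchost.exe", "NewProcessName": "C:\\\\Windows\\\\System32\\\\cmd.exe"}',
    '{"EventID": 7045, "Computer": "WS01", "ServiceName": "UpdateSvc", "ImagePath": "C:\\\\Windows\\\\System32\\\\svchost.exe -k netsvcs"}',
    '{"EventID": 7045, "Computer": "BUILD01", "ServiceName": "helper", "ImagePath": "\\"C:\\\\Users\\\\Public\\\\helper svc\\\\helper.exe\\" -start"}',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

The rules are deliberately narrow: a developer starting PowerShell from Cursor under their own account is normal and stays quiet, while the same shell started as the machine account by an IIS worker process is flagged. In practice the parent and directory lists come from a baseline of the environment, and findings should be correlated with the patch status of the hosts the checklist above names.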
FAQ
Researchers demonstrated 15 unique zero-day vulnerabilities on Day 2, earning $385,750. The biggest exploit targeted Microsoft Exchange and achieved remote code execution as SYSTEM.
Orange Tsai of DEVCORE Research Team exploited Microsoft Exchange by chaining three bugs to achieve remote code execution as SYSTEM. The exploit earned $200,000 and 20 Master of Pwn points.
Yes. Siyeon Wi used an integer overflow bug to escalate privileges on Windows 11, earning $7,500 and 3 Master of Pwn points.
Yes. Cursor was exploited twice on Day 2, and OpenAI Codex and LM Studio were also successfully exploited. Several other AI-related targets produced collision results.