The OffensiveCon Pwn2Own contest concluded in Berlin on Wednesday with $1.4 million paid out across three days, the second-highest single Pwn2Own purse in the contest's history. Twenty-seven distinct zero-day vulnerabilities were demonstrated, most landing in the browser sandbox, the Linux kernel, and the Tesla in-vehicle infotainment system that joined the target list this year for the first time.
Pwn2Own is the industry's most-watched offensive security contest. Researchers compete to demonstrate working zero-day exploits against pre-announced target products and platforms, with bounties paid by the Zero Day Initiative — the contest organiser, which is owned by Trend Micro. All winning exploits are responsibly disclosed to the vendors immediately after demonstration; the vendors typically ship patches within 60 to 90 days.
The Tesla chain
The single highest-paid bounty went to a Chinese research team from Synacktiv for a full kill chain against the Tesla in-vehicle infotainment system — $250,000. The chain combined a browser-based initial-access vulnerability in the infotainment WebKit fork, a privilege-escalation bug in the Linux kernel layer Tesla uses, and a sandbox escape into the broader vehicle subsystem.
Tesla added the in-vehicle infotainment target this year explicitly to attract researcher attention to the attack surface. The vehicle stack has been an under-researched target relative to consumer endpoints because most security researchers do not own a Tesla and cannot easily test against one. Putting Tesla on the Pwn2Own roster points the existing researcher community at that attack surface.
The browser sandbox falls — Chrome and Firefox both broken
Two separate teams demonstrated full sandbox escapes from Chrome via different bug chains. The first used a V8 type-confusion vulnerability combined with a Mojo IPC bug. The second used a renderer-side bug followed by a GPU process privilege bug. Both chains executed code outside the renderer sandbox, which is the threshold for a complete remote-code-execution exploit against the most widely used browser.
Firefox fell once, to a sandbox-escape chain that combined a JavaScript engine bug with a graphics-stack vulnerability in Linux. Edge fell once via essentially the same V8 bug as Chrome — the browsers share the V8 engine.
Linux kernel — three independent UAFs
The Linux kernel was hit three times via independent use-after-free vulnerabilities, all in network-stack code paths. Linux kernel privilege escalation is operationally significant because it underpins almost every container escape and most multi-tenant cloud security models. Linux kernel UAFs in network paths are particularly dangerous because they may be reachable from network packets without local code execution.
The three Linux UAFs all targeted code paths that exist in stable kernel releases — meaning the bugs affect production Linux fleets across cloud providers and on-prem datacentres. Patches are expected within 30 days per the Pwn2Own disclosure rules.
Implications for defenders
The pattern across Pwn2Own Berlin 2026 is consistent with what defenders have been seeing in production breach data through 2025 and into 2026: browser-sandbox escapes are no longer rare, Linux kernel network-stack bugs are surfacing at a higher rate, and embedded systems (cars, IoT, infotainment) are becoming first-class targets as the attack surface expands beyond traditional endpoints.
The 60-to-90-day disclosure window means defenders face a known period during which fixes exist in vendor codebases but have not yet been deployed across the user fleet. For high-value targets, the prudent response is to fast-track patch rollout once the relevant CVEs publish, prioritising the kernel and browser categories where Pwn2Own demonstrated working exploits.
The researcher economics of Pwn2Own
Pwn2Own's bounty pool is generous by industry standards but small relative to what the same vulnerabilities would fetch on the grey market. A working Chrome sandbox escape, sold to an offensive-security tools vendor with a defence-or-intelligence customer, can clear $500,000 to $1.5 million depending on the exact chain and the buyer. Pwn2Own paid $200,000 for the highest-rated Chrome chain this year.
The reason researchers participate anyway is a combination of reputational visibility, public-attribution credit, and the simpler ethics of responsible disclosure. The financial gap between Pwn2Own and the grey market is the contest's structural challenge — it cannot match grey-market prices without inflating its overall pool to a level that the vendor sponsors won't underwrite. The contest mitigates this with bonus payouts for chains with novel techniques and with first-mover credit, which has become valuable in the security-research career economy.
The composition of winners reflects these economics. Synacktiv, a Paris-based security consultancy, won the highest-paid single bounty for the Tesla chain. STAR Labs from Singapore won three of the browser bounties. Pwn2Own's geographic researcher distribution has tilted toward Europe and East Asia over the past three years as US-based offensive researchers have increasingly gone to government and grey-market work instead.
Vendor patch timelines and the disclosure pressure
Each vendor with bugs demonstrated at Pwn2Own now has the standard 90-day disclosure window to ship patches before the technical details become public. Chrome's pattern has been to ship sandbox-escape patches within 30 days of Pwn2Own demonstrations; that timeline is unlikely to slip on this occasion. The Linux kernel patches typically take 45–60 days as the changes propagate through stable branches. Tesla's response time is less predictable — the company has historically taken longer than the 90-day window on infotainment-stack disclosures, citing rollout complexity across the vehicle fleet.
The Tesla case is the most interesting to watch. Vehicle software updates are inherently more complex than browser updates — they require regulatory notification in some jurisdictions, customer communications in all jurisdictions, and rollback plans that desktop browsers do not need. Whether the Tesla in-vehicle chain demonstrated at Pwn2Own is patched within 90 days is a question that will be settled by August. If it slips, the gap between disclosure and patch becomes a known exploitation window — exactly the kind of risk that vehicle owners and fleet operators should be aware of.
The notable absences — what didn't fall
Three target categories on the Pwn2Own roster did not produce successful demonstrations this year, which is itself newsworthy. First, Apple Safari — no team produced a working sandbox escape, the second consecutive year Safari has emerged from Pwn2Own unscathed. The Safari sandbox architecture has clearly improved enough to deter serious researcher investment given the bounty pool ZDI has allocated to it. Second, Windows 11 with the latest security baselines — researchers attempted Windows local-privilege-escalation chains but none produced a working full kernel-EoP chain. Windows 11's kernel hardening over the past two years appears to be paying off. Third, Microsoft Edge's Defender Application Guard isolation — no demonstrated escape from the virtualisation-based sandbox.
The collective implication of these non-falls is that not all browser and OS targets are equally hard. The defensive engineering investments at Apple and Microsoft over the past 36 months have measurably raised the cost of producing working exploit chains. Chrome and Linux remain more frequently breakable, which probably reflects the larger codebase, the faster release cadence, and the historically thinner sandbox-isolation primitives compared to Safari and Edge.
Pwn2Own's role in vulnerability economics
Beyond the immediate patches, Pwn2Own's broader function is to create a transparent market signal for what a working exploit chain in each target is worth. The 2026 Berlin payouts establish ZDI's per-target valuation: $250K for Tesla in-vehicle, $200K for a Chrome sandbox escape, $50K for a Linux kernel UAF. Those prices anchor industry expectations and influence what governments and commercial vulnerability buyers are willing to pay for similar work, which in turn shapes researcher career economics.
The Tesla price point is particularly significant. Last year's Pwn2Own paid $100K for similar Tesla work; this year's $250K reflects the increased attention vehicle systems have received in 2025–2026. Next year's Pwn2Own will almost certainly maintain or increase the Tesla-target valuation, drawing more researcher attention into the vehicle-security category. That's the intended feedback loop, and it appears to be working as designed.
Beyond the contest itself, the Pwn2Own outcomes flow into the broader vulnerability-management ecosystem in predictable ways. CISA's Known Exploited Vulnerabilities catalogue will publish entries for each disclosed bug within roughly 30 days of vendor patch availability, signalling to federal agencies that prioritised patching is mandatory. Industry threat-intelligence vendors like Mandiant, CrowdStrike and Recorded Future will incorporate the bugs into their threat-actor tracking, watching for grey-market exploitation attempts. Bug-bounty programs at companies whose products weren't on the Pwn2Own roster will reset their internal bounty calibrations against the new ZDI price points. The contest is a small event in absolute terms — 27 bugs, $1.4 million paid — but it functions as a reference market for the broader vulnerability-research economy that shapes defensive posture across the industry.
Sources
The Zero Day Initiative blog publishes per-day contest results and bounty payouts. BleepingComputer and The Hacker News carried lede coverage of each day's events. Vendor advisories from Google, Mozilla, Tesla and the Linux kernel security team are expected over the coming weeks.