Pwn2Own Berlin 2026: Second Day Yields $385,750 in Zero-Day Exploits Across Windows 11, Exchange, and RHEL

Day Two Overview: A Surge of Zero-Day Discoveries

The second day of Pwn2Own Berlin 2026 proved to be a major success for security researchers, who collectively earned $385,750 in cash prizes by demonstrating 15 unique zero-day vulnerabilities across a range of enterprise and consumer software. The event, which brings together top ethical hackers from around the world, focused heavily on Microsoft’s ecosystem and Red Hat Enterprise Linux (RHEL). Competitors exploited flaws in Windows 11, Microsoft Exchange Server, and RHEL Workstations, among other targets.

Notable Exploits and Techniques

Windows 11 Attacks

Several contestants successfully targeted Windows 11, chaining privilege escalation and remote code execution vulnerabilities. One team achieved a full kernel compromise using a novel heap-spray technique, earning one of the highest payouts of the day. The research highlights ongoing challenges in securing modern operating systems where every layer, from user space to kernel drivers, must be hardened.

Microsoft Exchange Breach

A particularly concerning set of attacks targeted Microsoft Exchange Server. Researchers demonstrated a two-bug chain that allowed pre‑authentication remote code execution (RCE) without any user interaction. The team responsible received a significant reward under the event’s “Full Chain” category. Exchange’s continued prevalence in enterprise environments makes such flaws critical.

Red Hat Enterprise Linux Workstations

Two separate groups focused on RHEL for Workstations, uncovering vulnerabilities in the GNOME desktop environment and kernel subsystems. One exploit leveraged a use‑after‑free bug in the systemd service manager to gain root access. These findings illustrate that even mature, widely‑audited Linux distributions still contain exploitable zero‑days.

Implications for Enterprises

With more than a dozen zero‑day vulnerabilities publicly demonstrated, organizations must act swiftly. The flaws affect products that form the backbone of many corporate IT environments:

• Microsoft Exchange powers email for millions of users.
• Windows 11 is the latest flagship client OS from Microsoft.
• RHEL Workstations are common among developers and power users.

While the exact details are typically withheld until vendors release patches, enterprise security teams should expect updates in the coming weeks. Below we summarize vendor responses.

Vendor Responses and Patch Outlook

Historically, vendors participating in Pwn2Own are given a 90‑day window to issue fixes before details are publicly disclosed. Microsoft has already acknowledged the reports and stated that patches will be prioritized in the next Patch Tuesday cycle. Red Hat similarly confirmed they are working on updates for the RHEL Workstation vulnerabilities. Competitors are required to disclose full technical details to the vendors, accelerating the patch development process.

Competition Format and Prize Breakdown

1. Day One (not covered here) saw exploits against browsers and virtualization platforms.
2. Day Two concentrated on operating systems and server applications.
3. Day Three will focus on IoT and industrial control systems.

The total prize pool for the week exceeds $1 million, with the second day alone contributing nearly $400K. Full breakdowns are available on the official Zero Day Initiative website.

Conclusion: A Reminder of the Zero‑Day Threat

Pwn2Own Berlin 2026’s second day underscores the reality that modern software, no matter how polished, remains vulnerable. The collective efforts of ethical hackers not only expose flaws but also drive rapid fixes, making the ecosystem safer for everyone. As patch cycles begin, administrators should prioritize updating Exchange servers, Windows 11 clients, and RHEL workstations.