Pwn2Own Berlin 2026: $1.3M Paid for 47 Zero-Days in Windows, Linux, VMware, and AI Products

Pwn2Own Berlin 2026 concluded with researchers collecting $1,298,250 after demonstrating 47 zero-day exploits across Windows, Linux, VMware, Nvidia, and AI products. The inclusion of AI products as an official target category is notable, marking growing recognition of AI system attack surfaces in competitive security research.

Vendors have 90 days to issue patches under Pwn2Own responsible disclosure rules. Expect a wave of high-severity CVEs against Windows, Linux kernel, VMware, and AI-adjacent components in the coming weeks. Security teams should track vendor patch bulletins for these product families closely.