Pwn2Own Berlin 2026 Day 2: 15 Zero-Days in Windows 11, Exchange, and RHEL Earn $385K

On day two of Pwn2Own Berlin 2026, researchers demonstrated 15 unique zero-day vulnerabilities across Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations, earning $385,750 in prizes. These bugs are distinct from CVE-2026-42897, the Exchange zero-day already exploited in the wild. Under Pwn2Own rules, vendors receive 90 days to issue patches before technical details are published. Security teams should track upcoming patch releases for these products and prioritize deployment once vendor advisories drop over the coming weeks.