Security Researchers Find 47 Zero-Days at Pwn2Own Berlin

Security researchers at Pwn2Own Berlin 2026 uncovered 47 zero-day vulnerabilities during a three-day contest focused on enterprise and AI targets; top wins included remote code execution, cross-tenant code execution, and sandbox escapes affecting VMware ESXi, Microsoft SharePoint and Exchange, Microsoft Edge, AI databases and coding agents, and NVIDIA offerings. Winners were awarded substantial prizes, and vulnerabilities will be responsibly disclosed to vendors with a 90-day patch window.