Summary of vulnerabilities detected and remediation status at Pwn2Own Berlin 2026

The cybersecurity event known as Pwn2Own Berlin 2026 took place over several consecutive days during 2026. In this ethical hacking competition, participants had the opportunity to test the resilience of various state-of-the-art technological systems. Over the course of the event, analysts carried out controlled attacks in real time to demonstrate security flaws that were, until then, completely unknown to the public and to the technology manufacturers themselves.

During the competition, security researchers managed to discover and successfully exploit a total of 47 zero-day vulnerabilities, resulting in a cumulative prize pool amounting to exactly $1,298,250. Among those affected were various software manufacturers, consumer device makers and technology platforms whose updated systems were compromised in a controlled manner by the participants. In light of these findings, the affected companies immediately received detailed technical reports outlining the discovered flaws so that they could understand the nature of the problem. In accordance with the event’s policies, the corporations involved have taken steps to prioritise the development of security patches and firmware updates to address these vulnerabilities before the detailed information is released to the general public

The event is now in the post-closure phase, with the organisers of the Zero Day Initiative having formally confirmed the conclusion of the conference following the validation of the 47 vulnerabilities and the final allocation of the bug bounty fund. Meanwhile, in accordance with established protocols, detailed information regarding the exploits remains strictly confidential whilst the engineering teams of the affected companies work on verifying and deploying definitive solutions. The manufacturers involved have not reported any incidents of active exploitation of these vulnerabilities in the real world, limiting themselves to confirming receipt of the data and the start of the formal remediation process. Thus, the event concludes operationally with the brands’ commitment to release the corresponding patches within the standard timeframe stipulated by the organisation.