The first day of Pwn2Own Berlin 2026, organised by Trend Micro’s Zero Day Initiative, saw competing security research teams demonstrate 24 unique zero-day vulnerabilities across a range of enterprise software targets. Windows 11 was successfully compromised three times by different teams using independent exploit chains, a full sandbox escape from Microsoft Edge was demonstrated for a $175,000 award, and VMware Workstation and Oracle VirtualBox both fell to virtual machine escape exploits.
Day 1 Highlights
Windows 11 — Three Separate Compromises: Three independent research teams demonstrated local privilege escalation exploits achieving SYSTEM on fully patched Windows 11 24H2. Each used a distinct vulnerability class — kernel object mishandling, a win32k driver flaw, and an NtAllocateVirtualMemory integer overflow — demonstrating that the Windows LPE attack surface remains broad despite recent hardening efforts. Combined payout: $210,000.
Microsoft Edge Sandbox Escape ($175,000): A team from Synacktiv demonstrated a two-bug chain bypassing Edge’s renderer sandbox and achieving code execution in the Edge browser process. The chain combined a Chromium V8 JavaScript engine type confusion with an Edge-specific IPC deserialization flaw to escape the renderer sandbox. This represents one of the higher-value Edge exploits demonstrated at Pwn2Own in recent years.
VMware Workstation VM Escape: A virtual machine escape from VMware Workstation 17 was demonstrated using a flaw in the SCSI hardware emulation layer. The exploit achieved code execution on the host OS from within a guest VM. VMware has been notified and the 90-day disclosure timer has begun.
Oracle VirtualBox: A separate team demonstrated a VirtualBox guest-to-host escape via a heap buffer overflow in the shared folder filesystem driver.
Enterprise Relevance
Pwn2Own results provide a credible signal about the practical exploitability of widely deployed software by skilled adversaries. Several key observations from Day 1:
- Three independent LPE paths in Windows 11 indicate the LPE attack surface is wider than vendor patch coverage suggests. Defenders should not assume that applying Patch Tuesday’s EoP fixes provides complete LPE coverage.
- VM escape vulnerabilities in both VMware Workstation and VirtualBox reinforce that hypervisor isolation is not an absolute security boundary. Organisations using desktop virtualisation for workload isolation (running sensitive workloads in VMs on shared hosts) should review their risk assumptions.
- Edge sandbox escapes remain achievable for skilled researchers, which is relevant for organisations relying on browser isolation as a phishing defence.
What Happens Next
Under Pwn2Own rules, all demonstrated vulnerabilities are reported to the relevant vendors immediately. Vendors have 90 days to release a patch. If vendors fail to patch within 90 days, ZDI publishes full technical details. CVE IDs will be assigned and patches will be released on an accelerated timeline given the public demonstration. Security teams should monitor their vulnerability management feeds for the patch releases corresponding to the Day 1 findings.