VMware ESXi was successfully exploited on the third day of Pwn2Own Berlin 2026 by the STARLabs SG research team, who demonstrated cross-tenant code execution: a vulnerability class in which code running inside one virtual machine can execute within a separate guest VM on the same physical host. The result earned $200,000 in prize money, the highest single-bug award at the competition, and is one of the more architecturally significant results of the three-day event.
What Cross-Tenant Code Execution Means
Cross-tenant code execution in a hypervisor context differs from a traditional guest-to-host VM escape. A guest-to-host escape gives an attacker access to the underlying host operating system. Cross-tenant execution skips the host entirely and lands in a different virtual machine running alongside the attacker’s compromised guest.
In a cloud or shared infrastructure environment, where multiple customers (tenants) share the same physical ESXi host, this creates a direct lateral movement path between customers who have no legitimate connectivity: a threat actor with code execution in their own cloud tenant could execute code in a different customer’s virtual machine on the same physical server, bypassing all network-level segmentation between the two tenants.
The specific technical mechanism of the STARLabs SG bug has not been disclosed — Broadcom (VMware’s parent company) received the full details and has 90 days to produce a patch. However, at $200,000, the ZDI award indicates the vulnerability was assessed as meeting the highest severity tier: reliable exploitation, significant real-world impact.
Cloud Infrastructure Implications
Shared multi-tenant infrastructure is the dominant model for cloud hosting. Public cloud providers, co-location facilities, and private cloud deployments running VMware vSphere all host multiple workloads from different owners on the same physical hardware with ESXi as the isolation boundary.
The fundamental security guarantee of virtualisation is that the hypervisor provides strong isolation between tenants. Cross-tenant code execution breaks that guarantee at the hypervisor level — a layer that sits below all other security controls. Firewalls, network segmentation, and guest-level endpoint protection are all irrelevant if an attacker can execute code in an adjacent VM at the hypervisor layer.
Priority Actions for ESXi Environments
Broadcom has not yet published a security advisory — the 90-day patch window means a CVE and fix are expected by mid-August 2026. In the interim:
Reduce exposure scope: Audit which ESXi hosts run workloads from different trust levels or different business units. Where possible, segment sensitive workloads to dedicated physical hosts to remove the shared-host attack path.
Monitor for ESXi host anomalies: Unusual processes spawned from the ESXi management shell, unexpected connections from the VMkernel interface, and VM configuration changes not initiated through vCenter are the most likely observable indicators if a cross-tenant exploit were deployed.
Apply Broadcom security patches rapidly when released: the fix for this vulnerability should be applied within the same emergency window as an actively exploited zero-day. Pwn2Own disclosures become public knowledge to all competitors and attendees — the patch release will be analysed immediately by actors seeking to reconstruct the exploit.
Review cloud provider advisories: Organisations using VMware-based public cloud services should monitor their providers’ security advisories for patches applied at the infrastructure level.
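As an added example (not from the article, Broadcom or the STARLabs SG team), a small Python audit of the co-tenancy problem the first action describes: it takes a constructed VM inventory carrying tenant and trust-level labels, as such data might be exported from vCenter, flags hosts whose VMs span more than one tenant or trust level, and proposes which VMs to relocate so that each host carries a single tenant and trust level. The record layout, tenant names and trust-level labels are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample inventory, shaped like a vCenter VM export:
# (vm name, ESXi host, owning tenant, trust level). None = no label set.
INVENTORY = [
    ("web-01",  "esx-01", "acme",    "internal"),
    ("web-02",  "esx-01", "acme",    "internal"),
    ("db-01",   "esx-01", "globex",  "internal"),   # second tenant on esx-01
    ("ci-01",   "esx-02", "acme",    "internal"),
    ("jump-01", "esx-02", "acme",    "dmz"),        # same tenant, other trust level
    ("sec-01",  "esx-03", "initech", "restricted"),
    ("lab-01",  "esx-04", None,      None),         # unlabelled VM
]


def audit_hosts(inventory):
    """Return {host: {"tenants", "trust_levels", "unlabelled", "mixed"}}.
    A host is "mixed" when its labelled VMs span more than one tenant or
    trust level. Unlabelled VMs are a finding of their own: a host cannot
    be called single-tenant while some of its VMs have no known owner."""
    hosts = defaultdict(lambda: {"tenants": set(), "trust_levels": set(), "unlabelled": []})
    for vm, host, tenant, level in inventory:
        entry = hosts[host]
        if tenant is None or level is None:
            entry["unlabelled"].append(vm)
        else:
            entry["tenants"].add(tenant)
            entry["trust_levels"].add(level)
    for entry in hosts.values():
        entry["mixed"] = len(entry["tenants"]) > 1 or len(entry["trust_levels"]) > 1
    return dict(hosts)


def relocation_plan(inventory):
    """For every mixed host keep its largest (tenant, trust level) group in
    place and return the remaining VMs as sorted (vm, host) pairs to move
    to a dedicated host, removing the shared-host path."""
    groups = defaultdict(list)  # host -> [(vm, (tenant, level)), ...]
    for vm, host, tenant, level in inventory:
        if tenant is not None and level is not None:
            groups[host].append((vm, (tenant, level)))
    moves = []
    for host, vms in groups.items():
        counts = Counter(key for _, key in vms)
        if len(counts) > 1:
            keep = counts.most_common(1)[0][0]   # ties keep the first-seen group
            moves += [(vm, host) for vm, key in vms if key != keep]
    return sorted(moves)
```

Feeding the sample inventory through both functions flags esx-01 (two tenants) and esx-02 (two trust levels), lists lab-01 on esx-04 as unlabelled, and proposes moving db-01 and jump-01.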