1 article
STARLabs SG earned $200,000 at Pwn2Own Berlin 2026 for a single vulnerability enabling cross-tenant code execution on VMware ESXi, allowing code running in one virtual machine to execute in a separate guest VM on the same hypervisor host. The bug has not been assigned a CVE and will not be publicly disclosed for up to 90 days.