1 article
By the close of Pwn2Own Berlin 2026, researchers had demonstrated four separate, independently discovered privilege escalation paths from standard user to SYSTEM on fully patched Windows 11. Each exploited a different component and vulnerability class. The results indicate the Windows kernel and user/kernel boundary remain a consistently productive attack surface for skilled researchers.