The second day of Pwn2Own Berlin 2026 added $385,750 across 15 unique zero-days, bringing the running total to $908,750 across 39 zero-days. The headline was Orange Tsai of DEVCORE chaining three bugs to gain SYSTEM-level remote code execution on Microsoft Exchange Server, taking the $200,000 top prize and pushing his event total past $375,000. Other day-two wins included a Windows 11 integer-overflow LPE, a Red Hat Enterprise Linux for Workstations root, a use-after-free in NVIDIA Container Toolkit, and AI-category exploits against LM Studio, Cursor, OpenAI Codex, and Anthropic Claude Desktop (the last as a collision with a previously known bug).
Deutsche Telekom's Red Team disclosed CVE-2026-41651, a local privilege escalation in the PackageKit daemon that has shipped in default Linux installations since November 2014. Any unprivileged local user can invoke 'pkcon install' without a polkit prompt, install or remove arbitrary packages, and escalate to root. CVSS 8.8. Confirmed-vulnerable defaults include Ubuntu Desktop and Server LTS, Debian Trixie, Rocky Linux 10.1, and Fedora 43; any RHEL server running Cockpit is also exposed because Cockpit loads PackageKit on demand via D-Bus. PackageKit 1.3.5 fixes it. The researchers credited Anthropic's Claude Opus with helping guide the discovery.
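A version triage for the PackageKit item above, added here as an example and not taken from the researchers or the PackageKit project: it flags hosts whose installed PackageKit is older than the fixed 1.3.5 release. The inventory lines, hostnames and the REVIEW/OK/ABSENT labels are constructed, and the package names `packagekit` (dpkg) and `PackageKit` (rpm) are assumed to be the ones your distribution uses.

```shell
#!/bin/sh
FIXED=1.3.5   # fix release named in the text above

# Upstream version of a distro package version: drop epoch and revision.
pk_upstream() {
    printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/[-+~].*$//'
}
# ver_ge A B: succeed when dotted numeric version A >= B.
ver_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # keep leading digits only
        x=${x:-0}; y=${y:-0}               # missing component counts as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}
pk_is_fixed() { ver_ge "$(pk_upstream "$1")" "$FIXED"; }

# Installed package version on this host, "-" if absent. This looks at the
# installed package, not a running daemon: PackageKit is started on demand
# over D-Bus, so a host where it is idle is still in scope.
local_pk_version() {
    v=$(dpkg-query -W -f='${Version}' packagekit 2>/dev/null) ||
        v=$(rpm -q --qf '%{VERSION}-%{RELEASE}' PackageKit 2>/dev/null) || v=-
    printf '%s\n' "${v:--}"
}

# triage: read "host version" lines, print "host REVIEW|OK|ABSENT".
# REVIEW means the upstream version is below FIXED; confirm against the distro
# advisory, since vendors may backport a fix without changing that version.
triage() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        if [ -z "$ver" ] || [ "$ver" = "-" ]; then echo "$host ABSENT"
        elif pk_is_fixed "$ver"; then echo "$host OK"
        else echo "$host REVIEW"; fi
    done
}

# Constructed inventory (hostnames and package versions are made up).
triage <<'EOF'
web01 1.2.8-2ubuntu1
build02 1.3.5-1.fc43
db03 -
EOF
```

To check the machine you are on, pipe `echo "$(hostname) $(local_pk_version)"` into `triage`.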