Security researchers demonstrated 24 previously unknown vulnerabilities during the first day of Pwn2Own Berlin 2026, earning $523,000 in bounty payouts. Exploits targeted Windows 11 and Microsoft Edge, exposing critical gaps in the security defenses of both the operating system and the browser.
Pwn2Own competitions simulate real-world attack conditions where vetted researchers attempt to compromise systems using unpublished exploits. Success requires demonstrating full code execution on the target platform. The Berlin event attracts top talent from the global security research community, with Trend Micro's Zero Day Initiative managing the competition and coordinating vulnerability disclosures with affected vendors.
The 24 zero-days confirmed on day one represent significant findings. Windows 11, Microsoft's flagship operating system deployed across millions of enterprise and consumer devices, contained multiple exploitable flaws. Edge, the company's modern browser and the default on Windows systems, also proved vulnerable to exploit chains that bypass security boundaries.
Microsoft typically receives 90 days from disclosure to patch vulnerabilities discovered at Pwn2Own before details become public. This grace period allows the company to develop and test updates before release. The volume of zero-days exploited in a single day underscores the reality that even mature platforms maintained by well-resourced vendors contain undetected flaws.
Organizations running Windows 11 should expect security updates addressing these specific vulnerabilities. Users should prioritize patching when Microsoft releases fixes. The demonstration confirms that sophisticated attackers with resources and expertise can compromise modern Windows and Edge systems despite built-in protections like code integrity checks and exploit mitigations.
The bounty payouts reflect vulnerability severity and exploit complexity. Chains combining multiple zero-days command higher rewards. Researchers who discover these flaws through legitimate channels like Pwn2Own competitions enable vendors to fix them before criminals exploit them in the wild.
