{"id":145192,"date":"2026-05-12T17:41:26","date_gmt":"2026-05-12T16:41:26","guid":{"rendered":"https:\/\/hackread.com\/?p=145192"},"modified":"2026-05-12T17:43:45","modified_gmt":"2026-05-12T16:43:45","slug":"pwn2own-berlin-2026-hits-capacity-hackers-0-days","status":"publish","type":"post","link":"https:\/\/hackread.com\/pwn2own-berlin-2026-hits-capacity-hackers-0-days\/","title":{"rendered":"Pwn2Own Berlin 2026 Hits Capacity as Rejected Hackers Release 0-Days"},"content":{"rendered":"\n

The world\u2019s most famous hacking contest is facing a crisis it didn\u2019t see coming. For the first time in 19 years, Pwn2Own Berlin 2026<\/a> has reportedly run out of space. The event, run by Trend Micro\u2019s Zero Day Initiative (ZDI), hit a hard limit on how many hackers it can actually host. For your information, Pwn2Own<\/a> is a live competition where experts detect zero-day vulnerabilities.<\/p>\n\n\n\n

What\u2019s Happening with Pwn2Own Berlin?<\/strong><\/h3>\n\n\n\n

This 3-day contest officially starts on 14 May 2026 at OffensiveCon. However, the real action is all happening behind the stage as ZDI staff had to close the event\u2019s registration early on 7 May because they simply couldn\u2019t handle any more entries.<\/p>\n\n\n\n

The reason is that the contest has a fixed schedule because every exploit chain must be tested live. This process involves a team of ZDI staff who check the research, set up the exact hardware, and watch the attack happen on stage. And that\u2019s why they can only handle a certain number of attempts. One of the dejected experts, Ryotkak, spent three weeks trying to sign up, only to be told the event was at maximum capacity.<\/p>\n\n\n\n

This bottleneck is happening because hackers are finding security flaws faster than the company can process them. Much of this speed comes from new Artificial Intelligence<\/a> (AI) categories. This year, hackers are targeting tools like Claude Code<\/a>, GitHub Copilot,<\/a> Cursor, Ollama, and LM Studio. A report from Palisade Research<\/a> suggests that AI is now helping these researchers build exploit chains at a speed that traditional contests can\u2019t match.<\/p>\n\n\n

\n
\"Pwn2Own<\/a>
International Cyber Digest @IntCyberDigest<\/a> on X, revealing details about the reported incident<\/figcaption><\/figure>\n<\/div>\n\n\n

Researchers Go Public with Findings<\/strong><\/h3>\n\n\n\n

Because they were rejected, dozens of researchers are now releasing their secrets for free. This is being called a \u201crevenge disclosure\u201d wave. The group xchglabs had 86 vulnerabilities ready for systems like NVIDIA, Docker, Linux KVM, and PyTorch. Since they can\u2019t compete for the $1,000,000 prize pool, they are sending their findings straight to the companies and posting the details online.<\/p>\n\n\n\n

Another researcher, ggwhyp, showed off a way to take over Firefox on Windows by making it open a calculator app. FuzzingLabs also had a way to break into an Oracle Autonomous AI Database that will now be shared outside the contest.<\/p>\n\n\n

\n
\"Pwn2Own<\/a><\/figure>\n<\/div>\n\n\n

This is bad news for the hackers who actually got a spot in Berlin because if a rejected researcher reports a bug today, companies like Mozilla or Anthropic might fix it immediately with a silent patch. If a company fixes the software before the contest starts, the hacker\u2019s work becomes a collision or an n-day<\/a>, which means it isn\u2019t a secret anymore.<\/p>\n\n\n\n

In this case, the effort of those lucky contestants who made it to the stage might already be useless, and unfortunately, they won\u2019t receive any reward. What\u2019s even worse is that the secrecy and hype that usually surrounds Pwn2Own<\/a> is gone, and the event hasn\u2019t even started yet.<\/p>\n\n\n

\t\t
\n\t\t\t
\n\t\t\t\t\n\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\n\t\t\t\t\t
\n\t\t\t\t\t\t\n\t\t\t\t\t\t\tDeeba Ahmed\t\t\t\t\t\t<\/a>\n\t\t\t\t\t<\/h5>\n\n\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\tDeeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform\u2019s trusted coverage.\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t
\n\t\t\n\t\t\tView Posts\t\t<\/a>\n\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>","protected":false},"excerpt":{"rendered":"Pwn2Own Berlin 2026 reportedly reached full capacity for the first time, prompting rejected researchers to publicly disclose zero-day exploits targeting Firefox, NVIDIA, and AI platforms.\n","protected":false},"author":57,"featured_media":145213,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"cybocfi_hide_featured_image":"","footnotes":""},"categories":[9],"tags":[26120,4610,4611,4386,5286,1430,1523,27745],"ppma_author":[29328],"class_list":["post-145192","post","type-post","status-publish","format-standard","has-post-thumbnail","category-security","tag-0day","tag-ai","tag-artificial-intelligence","tag-cybersecurity","tag-pwn2own","tag-trend-micro","tag-vulnerability","tag-zdi","cs-entry","cs-video-wrap"],"acf":[],"authors":[{"term_id":29328,"user_id":57,"is_guest":0,"slug":"deeba","display_name":"Deeba Ahmed","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/9fefbe13a37a8aeb4620dfe89bb7feabd9433643ff382b6b882f27837a4cfb72?s=96&d=mm&r=g","author_category":"","first_name":"Deeba","last_name":"Ahmed","user_url":"https:\/\/hackread.com\/","job_title":"","description":"Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform\u2019s trusted coverage."}],"_links":{"self":[{"href":"https:\/\/hackread.com\/wp-json\/wp\/v2\/posts\/145192","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hackread.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hackread.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hackread.com\/wp-json\/wp\/v2\/users\/57"}],"replies":[{"embeddable":true,"href":"https:\/\/hackread.com\/wp-json\/wp\/v2\/comments?post=145192"}],"version-history":[{"count":15,"href":"https:\/\/hackread.com\/wp-json\/wp\/v2\/posts\/145192\/revisions"}],"predecessor-version":[{"id":145219,"href":"https:\/\/hackread.com\/wp-json\/wp\/v2\/posts\/145192\/revisions\/145219"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hackread.com\/wp-json\/wp\/v2\/media\/145213"}],"wp:attachment":[{"href":"https:\/\/hackread.com\/wp-json\/wp\/v2\/media?parent=145192"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hackread.com\/wp-json\/wp\/v2\/categories?post=145192"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hackread.com\/wp-json\/wp\/v2\/tags?post=145192"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/hackread.com\/wp-json\/wp\/v2\/ppma_author?post=145192"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}