FeedVulnerabilityMicrosoft Exchange zero-day chain nets DEVCORE $200K at Pwn2...
VulnerabilityCyber Insider
9.5CRITICAL

Microsoft Exchange zero-day chain nets DEVCORE $200K at Pwn2Own

📅 15 May 2026 at 20:32 UTC📰 Cyber InsiderView original source ↗
Microsoft Exchange zero-day chain nets DEVCORE $200K at Pwn2Own

Pwn2Own Berlin 2026 continued with another wave of successful zero-day demonstrations on Thursday, as security researchers earned $385,750 for 15 unique vulnerabilities targeting enterprise software, AI platforms, operating systems, and developer tools. The biggest payout of the day went to DEVCORE’s Orange Tsai, who chained three vulnerabilities to achieve remote code execution as SYSTEM on … The post Microsoft Exchange zero-day chain nets DEVCORE $200K at Pwn2Own appeared first on CyberInsider.

🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview

A total of $908,750 was awarded for 39 unique zero-day vulnerabilities targeting enterprise software, AI platforms, operating systems, and developer tools during Pwn2Own Berlin 2026. DEVCORE's Orange Tsai earned the largest payout with a chain of three vulnerabilities in Microsoft Exchange.

⚙️Technical Details
Attack Vectors
remote code execution as SYSTEM on Microsoft Exchangecode-injection vulnerability in LM Studioexploitation of Cursor's AI-powered code editorcompromise of OpenAI Codexuse-after-free vulnerability in Ollamause-after-free vulnerability in LiteLLMuse-after-free vulnerability in NVIDIA Container Toolkit
💥Impact Assessment
Severity: critical
Who Is at Risk
enterprises integrating AI-powered coding environments into development workflowsusers of Microsoft Exchange, LM Studio, Cursor, and OpenAI Codexusers of Ollama and LiteLLMusers of NVIDIA Container ToolkitSeverity: critical
🛡️Recommended Actions
1Implement a vulnerability management program to identify and patch zero-day vulnerabilities in AI-powered coding environments and Microsoft Exchange.
2Regularly update and patch systems with known vulnerabilities, including Ollama and LiteLLM.
3Use secure configuration practices for NVIDIA Container Toolkit to prevent exploitation.
📦Affected Products
Microsoft ExchangeLM StudioCursorOpenAI CodexOllamaLiteLLMNVIDIA Container ToolkitRed Hat Enterprise Linux for WorkstationsWindows 11

Read the full article

This is a curated summary. The complete article is available at Cyber Insider.

Read on Cyber Insider
← Back to feed