Pwn2Own Berlin 2026 surfaced 47 fresh zero-day vulnerabilities across the technology stack NZ businesses rely on daily — Microsoft Exchange, SharePoint, Edge, VMware ESXi, browsers, AI infrastructure, and more. With Trend research showing vendors are increasingly slow to patch disclosed flaws, the window between disclosure and exploitation is a real risk for Kiwi organisations running these platforms.

What Happened

At Pwn2Own Berlin, sponsored for the first time by NVIDIA, ethical hackers earned over US$1.29 million disclosing 47 unique zero-days through TrendAI™ Zero Day Initiative (ZDI). Categories spanned AI databases, coding agents, browsers, enterprise applications, servers, virtualisation, and — new this year — NVIDIA's AI infrastructure components including Megatron Bridge, NV Container Toolkit, and Dynamo.

Standout exploits included Orange Tsai (DEVCORE) chaining three bugs for SYSTEM-level Remote Code Execution on Microsoft Exchange (US$200,000), and a separate four-bug chain achieving a Microsoft Edge sandbox escape (US$175,000). Splitline exploited Microsoft SharePoint with a two-bug chain (US$100,000), Nguyen Hoang Thach (STARLabs) achieved cross-tenant code execution on VMware ESXi (US$200,000), and IBM X-Force's Chompie compromised NVIDIA's Container Toolkit with a single bug.

The implication for defenders is significant. Exchange, SharePoint, Edge, and ESXi are deeply embedded in NZ business environments, and AI infrastructure is moving in fast. ZDI coordinates private disclosure to vendors so fixes can be developed before exploitation — but the patch gap between disclosure and vendor release is widening, and attackers move quickly once details surface.

Trend customers benefit from this intelligence directly: virtual patching through Trend Vision One™ protects organisations an average of three months ahead of official vendor patches, materially shrinking exposure during that vulnerable window.

Key Takeaways

  • 47 new zero-days were disclosed across enterprise, virtualisation, browser, and AI categories at Pwn2Own Berlin 2026.

  • Microsoft Exchange, SharePoint, Edge, and VMware ESXi — all common in NZ environments — were successfully exploited.

  • NVIDIA's AI infrastructure (NV Container Toolkit, Megatron Bridge, Dynamo) was a target for the first time, signalling AI stack security is now a frontline issue.

  • Vendor patching timelines are slipping, lengthening the exposure window for unpatched organisations.

  • Trend Vision One™ customers receive virtual patching protection an average of three months ahead of vendor fixes.

  • Cross-tenant code execution on ESXi is particularly serious for any business using shared virtualisation or hosted infrastructure.

What NZ Businesses Should Do

  1. Prioritise patching for Microsoft Exchange, SharePoint, Edge, and VMware ESXi. Subscribe to vendor advisories and ensure your change process can deploy critical patches within days, not weeks.

  2. Deploy virtual patching to cover the gap. Trend Vision One™ Network Security / TippingPoint® and TrendAI Server and Workload Protection provide IPS-based shielding for known vulnerabilities before vendor patches are applied or while testing is underway.

  3. Map your AI infrastructure exposure. If you're running NVIDIA components, containerised AI workloads, or coding agents, bring them into your vulnerability management scope. Trend Vision One™ Cyber Risk Exposure Management can identify and prioritise these assets.

  4. Strengthen detection for post-exploitation activity. Assume some zero-days will be exploited before patching. Trend Vision One™ Security Operations (XDR + Agentic SIEM + Agentic SOAR) provides cross-layer detection for the lateral movement, privilege escalation, and persistence techniques that follow an initial RCE.

  5. Review virtualisation segmentation. With cross-tenant ESXi exploitation demonstrated, validate that management networks, tenant boundaries, and hypervisor access controls are tightly enforced and monitored.

Source: Read the full article on Trend Micro Security News