Pwn2Own Automotive 2026 - Day One Results

• 76 unique 0‑day vulnerabilities discovered across three days, totaling $1,047,000 in rewards. • Fuzzware.io clinched Master of Pwn with 28 points, outperforming rivals like Team DDOS and Neodyme. • Alpine iLX‑F511 repeatedly targeted; multiple teams exploited buffer overflows and command injections. • Neodyme AG earned $20,000 for a stack‑based buffer overflow on Sony XAV‑9500ES. • Team DDOS secured $40,000 for dual bugs on ChargePoint Home Flex, despite add‑on failure. • Grizzl‑E Smart 40A saw numerous collisions; PetoWorks and Qrious Secure each earned $10k+. • Total prize pool reached $955,750 after Day Two, culminating in $1,047,000 after Day Three. • Event highlighted advanced exploitation techniques: chained CVEs, privilege escalation, and signal manipulation.

Article Summaries:

• Pwn2Own Automotive 2026 - Day One Results

Day One of Pwn2Own Automotive 2026 saw 30 teams target the latest automotive platforms, yielding 37 unique zero‑day exploits and $516,500 in prizes. Fuzzware.io currently leads the Master of Pwn standings, with Team DDOS close behind. Notable victories include Neodyme AG’s stack‑based overflow on the Alpine iLX‑F511 ($20 k), Fuzzware.io’s dual‑vulnerability chain on an Autel charger ($50 k), and SKShieldus’s credential‑based exploit on the Grizzl‑E Smart 40A ($40 k). Compass Security captured Round 2 on the Alpine iLX‑F511 ($10 k) and later earned a $25 k add‑on win on the Grizzl‑E. PetoWorks and Synacktiv secured full wins on Phoenix Contact and Sony XAV‑9500ES, respectively. Failures included Team Hacking Group on the Kenwood DNR1007XR and a CIS team on the Alpine iLX‑F511. The competition will resume tomorrow with further results expected.

• Pwn2Own Automotive 2026 Day Two saw a surge in action, adding $439,250 and 29 unique 0‑day exploits to the event’s tally. The cumulative prize pool now stands at $955,750 with 66 distinct vulnerabilities uncovered. Fuzzware.io remains the front‑running team for Master of Pwn, though the competition remains tight with one day left. Highlights include Team MAMMOTH’s command‑injection win on the Alpine iLX‑F511 ($10,000, 2 points), FuzzingLabs’ dual‑vulnerability chain on Phoenix Contact’s CHARX SEC‑3150 ($20,000, 4 points), and InnoEdge Labs’ exposed method on Alpitronic HYC50 ($40,000, 4 points). Several collisions occurred, notably on the Alpine iLX‑F511 and Kenwood DNR1007XR, each yielding smaller payouts but adding to the overall tally.
• Pwn2Own Automotive 2026 concluded on Day 3 with a total prize pool of $1,047,000 awarded for 76 unique 0‑day exploits across a range of in‑vehicle systems. The competition’s top performers were Fuzzware.io’s Tobias Scharnowski, Felix Buchmann and Kristian Covic, who earned 28 Master‑of‑Pwn points and $215,500, securing the title. Other notable successes included PetoWorks’ buffer‑overflow on the Grizzl‑E Smart 40A ($10,000, 4 points), Viettel Cyber Security’s heap‑overflow on the Sony XAV‑9500ES ($10,000, 2 points), and Juurin Oy’s TOCTOU exploit on the Alpitronic HYC50 that installed a playable Doom ($20,000, 4 points). Collisions were common, with several teams earning points despite overlapping bugs.

Sources:

• https://www.thezdi.com/blog/2026/1/21/pwn2own-automotive-2026-day-one-results
• https://www.thezdi.com/blog/2026/1/22/pwn2own-automotive-2026-day-two-results
• https://www.thezdi.com/blog/2026/1/23/pwn2own-automotive-2026-day-three-results-and-the-master-of-pwn