$1,047,000 - 76 unique 0-day vulnerabilities - three days of incredible research on display. #Pwn2Own Automotive had it all: bold exploits, clever techniques, and collisions. Congrats to Fuzzware.io (@ScepticCtf, @diff_fusion, @SeTcbPrivilege), Master of Pwn with $215,500 and 28 points! #P2OAuto
Collision! Ryo Kato (@Pwn4S0n1c) targeted the Autel MaxiCharger AC Elite Home 40A, demonstrating a three-bug chain but encountering one collision, still earning $16,750 USD and 3.5 Master of Pwn points. #Pwn2Own #P2OAuto
Verified! Nam Ha Bach and Vu Tien Hoa of the FPT NightWolf Team targeted the Alpine iLX-F511, exploiting one unique vulnerability to gain root access and earning $5,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto
Confirmed! Elias Ikkelä-Koski and Aapo Oksman of Juurin Oy targeted the Kenwood DNR1007XR, demonstrating a link-following vulnerability to earn $5,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto
Collision. Autocrypt (Hoyong Jin, Jaewoo Jeong, Chanhyeok Jung, Minsoo Son, and Kisang Choi) targeted the Alpine iLX-F511, demonstrating two vulnerabilities to gain root access. One collided with a previously known issue, earning $3,000 USD and 1.25 Master of Pwn points. #Pwn2Own #P2OAuto
Collision! Nguyen Thanh Dat (@rewhiles) of Viettel Cyber Security (@vcslab) targeted the Kenwood DNR1007XR, demonstrating one bug but encountering a collision, earning $2,500 USD and 1 Master of Pwn point. #Pwn2Own #P2OAuto
Boom! or shall I say Doom? Game On! Aapo Oksman, Elias Ikkelä-Koski and Mikael Kantola of Juurin Oy exploit the Alpitronic HYC50 with a TOCTOU bug - and installed a playable version of Doom to boot. They earn $20,000 and 4 Master of Pwn points. #Pwn2Own #P2OAuto
Collision! Qrious Secure (@qriousec) targeted the Kenwood system, demonstrating three bugs - one n-day and two unique vulnerabilities (incorrect permission assignment and a race condition), earning $4,000 USD and 1.75 Master of Pwn points. #Pwn2Own #P2OAuto
Confirmed! Viettel Cyber Security (@vcslab) targeted the Sony XAV‑9500ES, exploiting a heap‑based buffer overflow to achieve arbitrary code execution, earning $10,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto
Verified! Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeted the Alpine iLX‑F511, exploiting a stack‑based buffer overflow to earn $5,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto
Confirmed! PetoWorks (@petoworks) targeted the Grizzl-E Smart 40A, exploiting one buffer overflow bug, and earned $10,000 USD and 4 Master of Pwn points. #Pwn2Own #P2OAuto
Collision! Team MST targeted the Kenwood DNR1007XR, demonstrating one bug but running into a collision, earning $2,500 USD and 1 Master of Pwn point. #Pwn2Own #P2OAuto
Another collision! Slow Horses of Qrious Secure (@qriousec) targeted the Grizzl-E Smart 40A but encountered two bug collisions, still earning $5,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto
Collision! Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeted the Alpine iLX-F511, demonstrating one vulnerability previously used by another contestant, earning $2,500 USD and 1 Master of Pwn point. #Pwn2Own #P2OAuto
Day 3 of Pwn2Own Automotive 2026 is here - the final push. Bold attempts. High stakes. One last day. #Pwn2Own #P2OAuto
In a highlight from Day One of #Pwn2Own Automotive 2026, @synacktiv.com targets the #Tesla infotainment system. #P2OAuto
youtube.com/shorts/DKYT-...
Another Collision to close out Day 2! BoB::Takedown targeted the Phoenix Contact CHARX SEC-3150, demonstrating three bugs, but ran into two collisions, earning $6,750 USD and 2.75 MoP. #Pwn2Own #P2OAuto
Collision! ZIEN Inc. targeted the ChargePoint Home Flex (CPH50-K), demonstrating two unique bugs (symlink following and command injection) but encountered a collision with a previous attempt - still earning $16,750 USD and 3.5 Master of Pwn points. #Pwn2Own #P2OAuto
Collision! Evan Grant (@stargravy) targeted the Grizzl-E Smart 40A with the Charging Connector Protocol/Signal Manipulation add-on, hitting two bug collisions, still earning $15,000 USD and 3 Master of Pwn points. #Pwn2Own #P2OAuto
Verified! Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeted the Alpine iLX-F511, exploiting two unique vulnerabilities to gain root access, earning $5,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto
Another Collision! Bongeun Koo and Evangelos Daravigkas of Team DDOS targeted the Phoenix Contact CHARX SEC-3150 with the Charging Connector Protocol/Signal Manipulation add-on, demonstrating six bugs but encountering a collision, still earning $19,250 USD and 4.75 MoP. #Pwn2Own #P2OAuto
Another Collision! Tobias Scharnowski, Felix Buchmann, and Kristian Covic of Fuzzware.io targeted the Grizzl-E Smart 40A with the Charging Connector Protocol/Signal Manipulation add-on, resulting in two bug collisions and earning $15,000 USD and 3 Master of Pwn points. #Pwn2Own #P2OAuto
Another collision! PetoWorks (@petoworks) targeted the Kenwood DNR1007XR, hitting one bug collision earning $2,500 USD and 1 Master of Pwn point. #Pwn2Own #P2OAuto
Confirmed! Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeted the ChargePoint Home Flex (CPH50-K) with the Charging Connector Protocol/Signal Manipulation add-on, exploiting two bugs to earn $30,000 USD and 5 Master of Pwn points. #Pwn2Own #P2OAuto
Confirmed! Tobias Scharnowski, Felix Buchmann, and Kristian Covic of Fuzzware.io targeted the ChargePoint Home Flex (CPH50-K) with the Charging Connector Protocol/Signal Manipulation add-on, exploiting one command injection bug to earn $30,000 USD and 5 Master of Pwn points. #Pwn2Own #P2OAuto
Verified! Synacktiv (@synacktiv) targeted the Autel MaxiCharger AC Elite Home 40A with the Charging Connector Protocol/Signal Manipulation add‑on. In Round 2, they exploited one stack‑based buffer overflow, earning $30,000 USD and 5 Master of Pwn points. #Pwn2Own #P2OAuto
Collision! PHP Hooligans / Midnight Blue (@midnightbluelab) targeted the Autel MaxiCharger AC Elite Home 40A with the Charging Connector Protocol/Signal Manipulation add-on, hitting a full collision on a two-bug chain, earning $20,000 USD and 3 Master of Pwn points. #Pwn2Own #P2OAuto
