Pwn2Own Was Full — So Rejected Hackers Dropped Their 0-Days for Free Instead
Everyone is talking about the record $1M+ payout at Pwn2Own Berlin 2026. Nobody is talking about the researchers who didn’t make it in — and what they did when the door was slammed in their faces. In a story that should alarm every software vendor and enterprise security team, multiple researchers who were locked out of Pwn2Own Berlin 2026 due to capacity constraints chose to publicly release their zero-days anyway — for free, without coordinated disclosure, without notifying vendors. This side story is, arguably, more consequential than the official competition results.
What Happened When Pwn2Own Berlin Hit Capacity
Pwn2Own Berlin 2026, held May 14-16 at OffensiveCon, was the most popular edition of the competition in its history. The Zero Day Initiative (ZDI), which organizes the event, had expanded the target list significantly this year — adding AI products like OpenAI Codex, LiteLLM, and NVIDIA Megatron Bridge alongside traditional targets. The expanded scope attracted more researchers than the event could accommodate.
ZDI operates on a first-come, first-served registration model with a fixed number of slots per target. When those slots fill, researchers are waitlisted or turned away. This year, dozens of research teams found themselves on the outside of a sold-out competition — with working zero-days they had spent months developing.
According to HackRead’s reporting, multiple turned-away researchers decided not to wait for the next Pwn2Own. Instead, they coordinated a simultaneous public release of their zero-days during the conference week — a deliberate statement that the vulnerability disclosure ecosystem needs to work for them, or they’ll bypass it entirely.
The Researchers Who Got Turned Away
The researchers who released zero-days outside of Pwn2Own aren’t amateurs — they’re serious security professionals with the same caliber of research as the teams who competed inside the event. Several are independent researchers who rely on vulnerability bounties and competition prizes as a significant part of their income. Being shut out of Pwn2Own doesn’t just mean missing a competition — it means losing months of work with no path to monetization.
This creates a deeply problematic incentive structure. Responsible disclosure — the process of notifying vendors privately, giving them time to patch, and only then publishing details — depends on researchers choosing the slower, less immediately rewarding path. That choice is easier to make when the alternative is a well-funded bug bounty program or a competition payout. When those paths are closed, the responsible disclosure calculus changes.
Some of the researchers who released bugs publicly framed it explicitly as a protest. Their argument: if ZDI can attract so many high-quality researchers that it has to turn people away, it has an obligation to either expand capacity or provide alternative monetization paths for turned-away research. In the absence of either, the market will find its own solution — and that solution is public disclosure.
Why They Released Their 0-Days for Free
The decision to release zero-days publicly and for free — rather than selling them to a broker — was deliberate and ideological. The researchers involved aren’t in the business of selling to nation-states or criminal actors. They’re offensive security professionals who work in a world with a clear norm: you either monetize through legitimate channels (bug bounties, competitions, private research firms) or you disclose publicly for reputation and community recognition.
When Pwn2Own cut them off, the legitimate monetization channel was closed. Bug bounty programs rarely pay Pwn2Own-level amounts for the same research. So the choice became: sit on the research indefinitely, sell to a broker (which many refuse to do on ethical grounds), or release publicly for recognition and to make a point. They chose public release.
This is the dark side of the vulnerability economy that rarely gets discussed in polite security conference settings. The responsible disclosure ecosystem is not a natural or self-sustaining system — it depends on constant calibration of incentives. When those incentives go out of alignment, the consequences are felt by the vendors and users whose unpatched software is suddenly exposed.
Which Bugs Were Dropped?
The publicly released vulnerabilities from turned-away Pwn2Own 2026 researchers covered a range of targets. Without listing specific CVEs that may still be unpatched, the categories included enterprise VPN software, a widely used open-source web framework, and components in at least one major cloud provider’s management plane. The affected vendors were notified simultaneously with the public release — not before — giving them no advance time to develop mitigations before the information was publicly available to attackers.
Security researchers and threat intelligence teams have already begun tracking exploitation attempts in the wild for at least one of the publicly released vulnerabilities. The window between public release and active exploitation has shrunk dramatically in 2026 — Mandiant’s M-Trends 2026 report found that 28.3% of CVEs are exploited within 24 hours of disclosure. Uncoordinated public disclosure into this environment is extraordinarily dangerous.
A Responsible Disclosure Crisis
The Pwn2Own capacity overflow incident is a canary in the coal mine for a broader responsible disclosure crisis. Several forces are converging to stress the ecosystem:
More researchers, fewer slots. The expansion of AI as a target category has attracted new researchers to the vulnerability market — AI engineers who understand these systems deeply but may not have the same cultural commitment to responsible disclosure that traditional security researchers have. As the researcher population grows and diversifies, the norms of responsible disclosure become harder to maintain.
AI-accelerated research. Tools like Microsoft’s MDASH and commercial AI-assisted security tools are dramatically reducing the time and expertise required to find vulnerabilities. Research that used to take months can now take days. This is accelerating the supply of vulnerabilities faster than the disclosure infrastructure can handle.
Economics vs. ethics. The financial gap between responsible disclosure (bug bounty payouts, competition prizes) and irresponsible disclosure (selling to brokers) has narrowed as AI tools reduce the cost of discovery. When responsible disclosure pays $50,000 and broker sales pay $500,000 for the same research, the ethical premium required to choose the responsible path is high and getting higher.
ZDI Has a Capacity Problem It Must Fix
The Zero Day Initiative has built the most important responsible disclosure institution in cybersecurity over the past two decades. Pwn2Own is genuinely one of the most valuable events in the security calendar — not just for the prize money, but for the coordinated disclosure it facilitates, the relationships it builds between researchers and vendors, and the signal it provides about where software is most vulnerable.
But ZDI’s capacity model has a structural flaw: it creates winners and losers based on registration speed, not research quality. The researchers who got shut out of Berlin 2026 may have had the most technically impressive research at the event — they just couldn’t get a slot. That’s not a good system for anyone. It certainly isn’t good for the vendors whose users are now exposed to unpatched vulnerabilities that could have been disclosed responsibly.
ZDI needs to explore alternatives: online submission tracks for turned-away researchers that still provide coordinated disclosure and some level of compensation, expanded event capacity for future editions, or tiered competition formats that allow more research to be submitted without requiring physical presence. The current model cannot scale to a world where AI tools have made high-quality vulnerability research accessible to thousands of researchers rather than hundreds.
What Affected Vendors Should Do Now
For vendors whose software is in scope at Pwn2Own — and that’s an ever-expanding list — the capacity overflow incident should prompt immediate action:
First, establish direct relationships with turned-away researchers. If a researcher has a working Pwn2Own-quality exploit against your software that they couldn’t submit to ZDI, you want to know about it. Proactively reaching out to researchers who were shut out — many of whom post publicly about their participation attempts — can turn a potential uncoordinated disclosure into a responsible one.
Second, run your own bug bounty programs with payouts competitive with Pwn2Own prizes for the most severe vulnerabilities. A CVSS 9.8 RCE in your product is worth a $500,000 payout. The cost of not finding it first is far higher. For guidance on AI-assisted security research, see our guide to building AI tools in 2026.
Third, monitor public vulnerability releases during and immediately after security conferences for research targeting your products. The Pwn2Own overflow releases happened during conference week — a pattern that will likely repeat at future events. Conference weeks should be high-alert periods for security operations teams.
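The third recommendation is the one a security operations team can turn into tooling. The script below is an added example, not code from the article, from ZDI, or from any vendor named here; it triages a feed of public vulnerability releases against a product inventory and raises the priority of anything that was released without prior vendor notification or that landed during a conference window plus a trailing week. The conference dates are the Berlin 2026 dates given above; the product names, advisory identifiers and feed entries are constructed placeholders, and the seven-day grace period is an assumed tuning value.

```python
"""Triage of public vulnerability releases against a product inventory.

Added example for the vendor guidance above; not code from the article or
from ZDI. All advisory records, product names and the grace period below are
constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# High-alert windows: conference dates (Pwn2Own Berlin 2026 ran May 14-16)
# plus a trailing week, since uncoordinated drops cluster around event week.
CONFERENCE_WINDOWS = {
    "OffensiveCon / Pwn2Own Berlin 2026": (date(2026, 5, 14), date(2026, 5, 16)),
}
POST_EVENT_GRACE_DAYS = 7  # assumed tuning value

# Constructed inventory of products a hypothetical vendor ships.
PRODUCT_INVENTORY = {
    "acme-vpn-gateway": "Acme VPN Gateway",
    "acme-cloud-console": "Acme Cloud Console",
}


@dataclass
class Advisory:
    advisory_id: str
    product_key: str
    published: date
    vendor_notified_before_publication: bool
    summary: str


def in_high_alert_window(when):
    """Return the name of the conference window covering `when`, else None."""
    for name, (start, end) in CONFERENCE_WINDOWS.items():
        if start <= when <= end + timedelta(days=POST_EVENT_GRACE_DAYS):
            return name
    return None


def triage(advisories, inventory=PRODUCT_INVENTORY):
    """Score each advisory that touches an inventoried product.

    Priority 3: uncoordinated release during a conference window.
    Priority 2: uncoordinated release outside a window, or a coordinated
                release that still landed inside a window.
    Priority 1: coordinated release outside any window.
    Advisories for products not in the inventory are skipped.
    """
    results = []
    for adv in advisories:
        if adv.product_key not in inventory:
            continue
        window = in_high_alert_window(adv.published)
        priority = 1
        if not adv.vendor_notified_before_publication:
            priority += 1
        if window:
            priority += 1
        results.append({
            "advisory_id": adv.advisory_id,
            "product": inventory[adv.product_key],
            "priority": priority,
            "window": window,
            "uncoordinated": not adv.vendor_notified_before_publication,
        })
    # Highest priority first; stable id order within a priority tier.
    results.sort(key=lambda r: (-r["priority"], r["advisory_id"]))
    return results


# Constructed sample feed; the EXAMPLE-* identifiers are placeholders.
SAMPLE_FEED = [
    Advisory("EXAMPLE-2026-0001", "acme-vpn-gateway", date(2026, 5, 15), False,
             "published during conference week with no prior vendor contact"),
    Advisory("EXAMPLE-2026-0002", "acme-cloud-console", date(2026, 6, 2), True,
             "coordinated disclosure well after the event"),
    Advisory("EXAMPLE-2026-0003", "other-vendor-widget", date(2026, 5, 15), False,
             "another vendor's product; not in our inventory"),
    Advisory("EXAMPLE-2026-0004", "acme-cloud-console", date(2026, 5, 20), True,
             "coordinated, but landed in the post-event grace week"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_FEED):
        print(f"P{row['priority']} {row['advisory_id']} {row['product']} "
              f"uncoordinated={row['uncoordinated']} window={row['window']}")
```

In practice the feed would be populated from advisory sources your team already ingests; the value of the script is the two signals it combines, product match and timing relative to a known event, so that a drop like the ones described above surfaces at the top of the queue instead of being buried in routine advisories.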
Conclusion
The $1M+ paid at Pwn2Own Berlin 2026 is the headline. The zero-days dropped by researchers who couldn’t get in are the story that matters more for the security ecosystem’s long-term health. Responsible disclosure works when the incentives align — and right now, the capacity constraints of the world’s most important vulnerability disclosure event are misaligning those incentives in a way that puts users at risk.
ZDI has an opportunity to lead here. The alternative — a world where capacity constraints push more and more high-quality vulnerability research into uncoordinated public disclosure — is worse for everyone except the threat actors who exploit the resulting chaos. The security community needs to have this conversation now, before the next Pwn2Own capacity overflow event makes it moot.