ctipilot.ch

Pwn2Own Berlin 2026 (May 14–16) — 47 zero-days, $1,298,250 awarded; DEVCORE Exchange three-bug SYSTEM RCE chain, STARLabs ESXi escape, every AI agent target fell; Compass Security Swiss participation

incident · item:pwn2own-berlin-2026

  • Coverage timeline: 3 appearances, first 2026-05-17 → last 2026-05-17
  • Briefs: 1 (1 distinct)
  • Sources cited: 10 (7 hosts)
  • Sections touched: 3 (action_items, deep_dive, tldr)
  • Co-occurring entities: 8

Story timeline

  1. 2026-05-17 · CTI Daily Brief — 2026-05-17
     tldr: TL;DR bullet. Contest wrap-up summary.
  2. 2026-05-17 · CTI Daily Brief — 2026-05-17
     deep_dive: First coverage. Deep dive on contest outcomes: DEVCORE Exchange chain (90-day embargo), STARLabs ESXi escape, new AI Agents category — every target fell (Codex, Cursor, LM Studio, LiteLLM, NVIDIA Container Toolkit); capacity-overflow rejected-researcher PoC wave; Compass Security Swiss prize takings (Codex CWE-150 + Cursor).
  3. 2026-05-17 · CTI Daily Brief — 2026-05-17
     action_items: Action: inventory AI agent / inference deployments on developer endpoints; egress-restrict RFC-1918; require tool-plugin code signing; ensure EDR coverage of agent runtime processes.

Where this entity is cited

  • tldr: 1
  • deep_dive: 1
  • action_items: 1

Source distribution

  • thezdi.com: 3 (30%)
  • security-hub.ncsc.admin.ch: 2 (20%)
  • bleepingcomputer.com: 1 (10%)
  • msrc.microsoft.com: 1 (10%)
  • zerodayinitiative.com: 1 (10%)
  • cisa.gov: 1 (10%)
  • hackread.com: 1 (10%)

Items in briefs about Pwn2Own Berlin 2026 (May 14–16) — 47 zero-days, $1,298,250 awarded; DEVCORE Exchange three-bug SYSTEM RCE chain, STARLabs ESXi escape, every AI agent target fell; Compass Security Swiss participation (3)

Microsoft Exchange CVE-2026-42897 — actively-exploited OWA stored-XSS, no permanent patch, Pwn2Own three-bug chain compounds the picture

From CTI Weekly Summary — 2026-W20 (May 11 – May 17, 2026) · published 2026-05-17

If you did nothing this week: every on-premises Exchange Server 2016 / 2019 / SE deployment with Outlook Web Access reachable from the public internet has been within an active exploitation window since the CISA KEV addition on 2026-05-15. The exploit chain is a stored XSS in OWA's calendar-invite rendering pipeline that executes attacker JavaScript in the victim's session context the moment a crafted invite is opened in a browser; subsequent stages perform internal-mailbox enumeration, mass email-rule creation, and OWA-token theft for lateral SAML / OAuth abuse against connected M365 tenants. Microsoft has shipped only the EEMS (Exchange Emergency Mitigation Service) rule and the EOMT script as temporary mitigations — there is no permanent code patch as of week-end (Microsoft MSRC; Microsoft Exchange Team blog; NCSC.ch Security Hub #12577).

The threat picture compounded on 2026-05-15 when a DEVCORE / Orange Tsai entry at Pwn2Own Berlin Day Two earned $200,000 by chaining three bugs to achieve pre-auth RCE as SYSTEM on Exchange Server SE, per the Zero Day Initiative's published results (ZDI Day Two; ZDI does not publish per-bug technical detail before vendor patches under the standard 90-day disclosure clock). The DEVCORE chain has not been linked to current ITW exploitation, but Microsoft has not yet issued an out-of-band advisory; defenders should assume that a chained variant combining OWA-XSS initial access with the DEVCORE elevation primitives will become the operationally dominant Exchange threat well before any patch lands (daily 2026-05-16; daily 2026-05-17 UPDATE). For Swiss federal estates running on-premises Exchange (the predominant configuration in cantonal administration and federal-classified-handling environments) the immediate hunt is for OWA w3wp.exe worker processes spawning anomalous PowerShell / WMI children in the days following inbound calendar-invite traffic; the second hunt is the EOMT-script idempotency check (organisations that ran it before the 2026-05-15 rule version will have stale mitigation state).

Microsoft Exchange CVE-2026-42897 OWA-XSS — same-week compounding with the DEVCORE Pwn2Own chain

From CTI Weekly Summary — 2026-W20 (May 11 – May 17, 2026) · published 2026-05-17

The Exchange story is unusual in that the cross-day chain plays out within W20 rather than as a multi-week arc. Friday 2026-05-15: Microsoft confirms active exploitation of CVE-2026-42897, an OWA stored XSS in calendar-invite rendering; CISA adds it to KEV with a 2026-05-29 federal remediation deadline; NCSC.ch publishes Security Hub post #12577 the same day (Microsoft MSRC; NCSC.ch #12577; daily 2026-05-16). Thursday 2026-05-15 (Pwn2Own Day Two, parallel timeline): Orange Tsai / DEVCORE earned $200,000 by chaining three bugs to achieve pre-auth RCE as SYSTEM on Exchange Server SE, per the Zero Day Initiative's published results; ZDI does not publish per-bug technical detail before vendor patches under the standard 90-day disclosure clock (ZDI Day Two; daily 2026-05-17 UPDATE).

These are two distinct findings (CVE-2026-42897 stored XSS active in the wild vs. the DEVCORE three-bug chain that achieved pre-auth SYSTEM RCE in a controlled-research setting) and at week-end Microsoft has not formally linked them; but for any threat actor with a foothold via the OWA-XSS, post-foothold escalation primitives along the lines DEVCORE demonstrated are the natural next-stage concern. The composite threat picture is: pre-auth SYSTEM RCE plausibly weaponisable from public research before Microsoft ships a permanent patch; pre-auth session takeover via the OWA-XSS possible today. EEMS / EOMT mitigations address the XSS attack path only. Hunt scope: OWA w3wp.exe worker children spawning anomalous PowerShell / WMI; mailbox-role-assignment audit trail for unexpected privilege transitions.

UPDATE: Exchange CVE-2026-42897 — Pwn2Own DEVCORE three-bug SYSTEM RCE chain emerges alongside active OWA-XSS exploitation

From CTI Daily Brief — 2026-05-17 · published 2026-05-17

UPDATE (originally covered 2026-05-15 and 2026-05-16 deep dive): DEVCORE's Orange Tsai chained three undisclosed Exchange Server bugs at Pwn2Own Berlin 2026 Day 2 to achieve unauthenticated remote code execution at SYSTEM privilege level, earning $200,000 (Zero Day Initiative, 2026-05-15; BleepingComputer, 2026-05-15). This chain is separate from the actively-exploited CVE-2026-42897 (OWA stored XSS, no permanent patch; EEMS mitigation M2.1.x only) that the 2026-05-16 deep dive covered. ZDI verbatim: "Orange Tsai (DEVCORE Research Team) earned $200,000 after chaining three bugs to gain remote code execution with SYSTEM privileges on Microsoft Exchange."

The three bugs are under a 90-day Pwn2Own embargo — Microsoft must patch by approximately 2026-08-14 before ZDI publishes technical detail. Operationally, the compound risk for on-premises Exchange has materially worsened in 48 h: one actively exploited XSS without a permanent patch (M2 mitigation only, with known OWA Calendar Print / inline-image side-effects), plus a fresh unauthenticated SYSTEM RCE class that defenders cannot pre-emptively patch. CVE-2026-42897 remains in CISA KEV (added 2026-05-15) with EEMS as the only listed mitigation; the Microsoft Exchange blog post addressing-exchange-server-may-2026-vulnerability-cve-2026-42897 linked from the MSRC advisory returns 502 on direct fetch and the MSRC entry itself is the operational primary (MSRC CVE-2026-42897).

Defender response shift for on-premises Exchange 2016/2019/SE: treat the platform as severely threatened. Verify that the EEMS service is enabled and that mitigation M2.1.x appears in the applied-mitigations list reported by Get-ExchangeDiagnosticInfo; restrict ECP/EWS/OWA reachability from the internet at the WAF or reverse proxy where business-feasible; accelerate any in-progress Exchange Online migration; assume hypothetical compromise paths through both OWA-browser-context attacks (CVE-2026-42897) and a direct service-account SYSTEM RCE chain (Pwn2Own DEVCORE) until Microsoft ships permanent fixes for both. Exchange Online tenants are not in scope for either.
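The hunt named in the items above (OWA w3wp.exe worker processes spawning PowerShell / WMI children) as a runnable detection over process-creation events. This is an added example, not code from the briefs or from any vendor; the record format, the suspect-child list and the OWA application-pool name it keys on are assumptions, and the event lines are constructed.

```python
from __future__ import annotations
import re

# Child binaries an OWA web worker has no business launching (assumed hunt list).
SUSPECT_CHILDREN = {"powershell.exe", "pwsh.exe", "wmic.exe", "cmd.exe",
                    "mshta.exe", "rundll32.exe", "certutil.exe"}
# Application-pool name carried on the OWA worker's command line; assumption,
# adjust to the names seen on the local Exchange servers.
OWA_POOL_MARK = "msexchangeowaapppool"

# Constructed Sysmon-style Event ID 1 records (key=value fields, " | " separated).
SAMPLE_EVENTS = r"""
ParentImage=C:\Windows\System32\inetsrv\w3wp.exe | ParentCommandLine=w3wp.exe -ap "MSExchangeOWAAppPool" | Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | CommandLine=powershell.exe -nop -w hidden -enc CONSTRUCTED | User=NT AUTHORITY\SYSTEM
ParentImage=C:\Windows\System32\inetsrv\w3wp.exe | ParentCommandLine=w3wp.exe -ap "MSExchangeOWAAppPool" | Image=C:\Windows\System32\conhost.exe | CommandLine=conhost.exe 0xffffffff | User=NT AUTHORITY\SYSTEM
ParentImage=C:\Windows\explorer.exe | ParentCommandLine=explorer.exe | Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | CommandLine=powershell.exe Get-Date | User=CORP\alice
ParentImage=C:\Windows\System32\inetsrv\w3wp.exe | ParentCommandLine=w3wp.exe -ap "MSExchangeOWAAppPool" | Image=C:\Windows\System32\wbem\WMIC.exe | CommandLine=wmic process list brief | User=NT AUTHORITY\SYSTEM
""".strip()

def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, tolerant of either slash."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def parse_event(line: str) -> dict:
    """One key=value record into a dict (constructed format, not Sysmon XML)."""
    return dict(field.split("=", 1) for field in line.split(" | "))

def classify(ev: dict) -> list[str]:
    """Return the hunt reasons that fire for one process-creation record."""
    reasons: list[str] = []
    parent_is_owa = (basename(ev["ParentImage"]) == "w3wp.exe"
                     and OWA_POOL_MARK in ev["ParentCommandLine"].lower())
    if not parent_is_owa:
        return reasons  # only children of the OWA worker are in scope
    child = basename(ev["Image"])
    if child in SUSPECT_CHILDREN:
        reasons.append(f"owa-worker-spawned-{child}")
    # Hidden-window or encoded PowerShell under a web worker is a signal on its own.
    if re.search(r"-(enc|encodedcommand|w hidden)\b", ev["CommandLine"], re.I):
        reasons.append("hidden-or-encoded-powershell")
    return reasons

def hunt(log_text: str) -> list[tuple[int, list[str]]]:
    """(1-based line number, reasons) for every record that fires."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        reasons = classify(parse_event(line))
        if reasons:
            hits.append((n, reasons))
    return hits

if __name__ == "__main__":
    for n, reasons in hunt(SAMPLE_EVENTS):
        print(f"line {n}: {', '.join(reasons)}")
```

Records 1 and 4 fire (PowerShell and WMIC under the OWA pool); record 2 is the benign conhost.exe a console child normally drags along, and record 3 is an interactive user launching PowerShell outside any web worker.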