
Pwn2Own Automotive 2026 Ends With 76 Zero Days and $1.047M Paid Out, A Record Signal for EV Charger and IVI Risk
Pwn2Own Automotive 2026 delivered a blunt message to anyone operating modern vehicle ecosystems: the attack surface is expanding faster than many organizations can patch, validate, and monitor. Across three days in Tokyo, researchers demonstrated 76 unique zero-day vulnerabilities on fully patched targets and earned $1,047,000 in awards. For CISOs and engineering leaders, the headline is not the prize money. It is the repeatable reality that EV chargers, in-vehicle infotainment (IVI) systems, and automotive operating systems can still be compromised through vulnerability classes that keep showing up in embedded environments.
What Happened at Pwn2Own Automotive 2026
Pwn2Own Automotive is designed to pressure-test real-world automotive technology under conditions that approximate how attackers think: constrained time, high incentives, and a focus on outcomes such as code execution, root access, or meaningful device manipulation.
In 2026, that pressure produced the largest vulnerability count the Automotive edition has recorded so far. The contest ran January 21-23 in Tokyo during the Automotive World conference, and the targets were not lab curiosities.
Scope included:
- Fully patched IVI systems
- EV charging infrastructure
- Automotive operating systems (Automotive Grade Linux)
Day-by-Day Progression
The day-by-day progression matters because it shows how quickly the field moved from "interesting exploits" to "systemic pattern."
| Day | Awards | Zero Days | Cumulative |
|---|---|---|---|
| Day 1 | $516,500 | 37 | 37 |
| Day 2 | $439,250 | 29 | 66 |
| Day 3 | $91,250 | 10 | 76 |
| Total | $1,047,000 | 76 | — |
Day 1 alone awarded $516,500 for 37 unique zero days, an intense pace that would have been a full event total in earlier years. Day 2 pushed the running total to 66, surpassing the prior three-day benchmark of 49 vulnerabilities seen in previous Automotive editions.
Day 3 also highlighted collisions - where teams hit overlapping bugs already used by others. This is not a footnote. It is evidence that multiple researchers are independently finding the same categories of weaknesses, suggesting attackers can as well.
The Technical Breakdown Security Teams Should Care About
From a defensive lens, the most useful question is not "who won," but "what kinds of failures produced successful compromise on fully patched systems."
Recurring Vulnerability Classes
| Weakness Type | Prevalence |
|---|---|
| Command injection paths | High |
| Buffer overflows (stack and heap) | High |
| Authentication weaknesses | Medium |
| Unsafe exposed methods/interfaces | High |
Those weaknesses are amplified by the embedded reality of:
- Long-lived devices
- Mixed ownership boundaries
- Operational constraints that delay patch adoption
EV Charging: Beyond Just a Shell
EV charging stood out because several entries pursued techniques and objectives that go beyond obtaining a shell. In multiple attempts, teams did not merely execute code - they demonstrated manipulation of the charging connector protocol and its signalling.
Cyber issues can translate into operational impact at charging stations.
That is the escalation path defenders should model: a vulnerability chain that starts with a management interface or protocol weakness, then moves into control plane functions, and finally influences behavior that operators perceive as "equipment failure" rather than "security incident."
IVI Compromise Patterns
IVI systems sit at an uncomfortable intersection of consumer-facing complexity and automotive lifecycle constraints. The event included:
- Successful root-level outcomes against multiple head units
- USB-based attack against Tesla infotainment
- Collisions pointing to concentrated weakness hotspots (shared components, libraries, coding patterns)
Why This Is Bigger Than a Competition
The immediate "affected" population is the vendors and products that were targeted, but the broader impact lands on organizations that deploy and operate these technologies at scale.
EV Charging Operators
Chargers often sit on networks built for uptime and remote manageability rather than hostile threat environments. They may be connected via:
- Third-party maintenance channels
- Vendor cloud backends
- On-site connectivity that varies widely between locations
When researchers repeatedly demonstrate compromise chains, attackers will test the same paths.
Automakers and Tier 1 Suppliers
The boundary between infotainment compromise and safety-critical domains is supposed to be controlled, but real systems contain:
- Diagnostic surfaces
- Bridging components
- Operational shortcuts
The right question: Does your architecture enforce separation under failure, not merely in design documentation?
Software Supply Chain Angle
Automotive Grade Linux and similar platforms represent the accelerating software supply chain reality of modern vehicles. A successful exploit chain against an automotive OS environment signals that secure development lifecycle controls need to meet enterprise software standards:
- Vulnerability intake processes
- Reproducible builds where possible
- SBOM-driven risk review
- Operational patch pipeline built for speed
How to Respond: The 90-Day Disclosure Window
The most actionable aspect of Pwn2Own Automotive 2026 is the disclosure cadence. Under ZDI's policy, vendors typically have a 90-day window to develop and release fixes before public disclosure.
For defenders, that window should be treated as preparation time, not passive waiting.
Step 1: Asset Certainty
| Question | Why It Matters |
|---|---|
| Which EV charger models are deployed? | Cannot patch what you cannot find |
| Which firmware versions are present? | Determines vulnerability exposure |
| Which units are reachable from where? | Defines attack surface |
If you cannot inventory reliably, you cannot patch reliably.
Step 2: Plan for Patch Intake
- Pre-define maintenance windows
- Prepare rollback plans
- Establish monitoring signals for operational regression
- Build a staging pipeline that mirrors production
Step 3: Harden Assuming Future PoC
| Control | Implementation |
|---|---|
| Network segmentation | Isolate EV charging from corporate IT and guest networks |
| Management access restriction | Known administration points only |
| Anomalous traffic monitoring | Watch charger management ports and protocols |
| Physical access review (IVI) | Enforce policy on USB/diagnostic processes |
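Steps 1 and 3 above amount to a policy check over an asset inventory. The following is an added example (not code from the article or from any vendor) that runs that check over a constructed charger inventory: it flags unknown or outdated firmware, chargers placed in forbidden segments, and management interfaces reachable from zones other than the assumed management zone. Zone names, model names and firmware versions are all made-up placeholders.

```python
# Added example (not from the article): triage a constructed EV-charger inventory
# against the Step 1 questions (model, firmware, reachability) and Step 3 controls
# (segmentation, restricted management access). All zone, model and firmware
# names are made-up placeholders.
from dataclasses import dataclass, field
from typing import Optional

ALLOWED_MGMT_ZONES = {"ocpp-mgmt"}           # assumed: only zone allowed to manage chargers
FORBIDDEN_ZONES = {"corporate", "guest"}     # must never host or reach chargers
CURRENT_FIRMWARE = {"ChargerModelA": "2.4.1", "ChargerModelB": "7.0.3"}  # placeholder

@dataclass
class Charger:
    site: str
    model: str
    firmware: Optional[str]          # None = not inventoried
    segment: str                     # network zone the charger sits in
    mgmt_reachable_from: set = field(default_factory=set)

def findings(c: Charger) -> list:
    """Return (severity, reason) pairs; 3 = fix first, 1 = track."""
    out = []
    if c.firmware is None:
        out.append((3, "firmware unknown: cannot assess exposure"))
    elif c.model not in CURRENT_FIRMWARE:
        out.append((2, f"model {c.model} not in tracked list"))
    elif c.firmware != CURRENT_FIRMWARE[c.model]:
        out.append((2, f"firmware {c.firmware} behind {CURRENT_FIRMWARE[c.model]}"))
    if c.segment in FORBIDDEN_ZONES:
        out.append((3, f"charger sits in {c.segment} segment"))
    leaks = c.mgmt_reachable_from - ALLOWED_MGMT_ZONES
    if leaks:
        # reachability from a forbidden zone is critical; anything else is a tracking item
        out.append((3 if leaks & FORBIDDEN_ZONES else 1,
                    f"management reachable from {sorted(leaks)}"))
    return out

def worklist(inventory: list) -> list:
    """Flatten to (severity, site, reason), most severe first, then by site."""
    rows = [(sev, c.site, why) for c in inventory for sev, why in findings(c)]
    return sorted(rows, key=lambda r: (-r[0], r[1]))

SAMPLE = [  # constructed inventory
    Charger("lot-a-01", "ChargerModelA", "2.4.1", "ev-charging", {"ocpp-mgmt"}),
    Charger("lot-a-02", "ChargerModelA", "2.3.0", "ev-charging", {"ocpp-mgmt", "corporate"}),
    Charger("lot-b-01", "ChargerModelB", None, "guest", {"guest"}),
]

if __name__ == "__main__":
    for sev, site, why in worklist(SAMPLE):
        print(f"P{4 - sev} {site}: {why}")
```

Feeding a real inventory export into `SAMPLE` (and your own zone and firmware tables into the three constants) turns this into the prioritised list Step 2's maintenance planning needs before advisories land.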
Why 76 Zero Days Changes the Conversation
Scale Matters
In earlier years, 49 zero days over three days was a meaningful indicator. Surpassing that by a wide margin indicates researchers found enough fertile ground to keep producing unique results throughout the event.
This is not an edge-case problem - it is a broad quality and exposure challenge across embedded platforms.
Collision Dynamics
Collisions mean two things simultaneously:
- Defenders can prioritize certain weakness classes because independent teams converge on them
- Attackers can likely reproduce those findings
The convergence is consistent with broader embedded security realities where unsafe interfaces, credential handling, and input validation failures recur across product lines.
Regulatory and Assurance Context
Automotive cybersecurity requirements are increasingly shaping supplier expectations and product governance. A record year at a public contest:
- Does not prove widespread wild exploitation
- Does raise the cost of inaction for organizations that must demonstrate due diligence
Boards and regulators will not be persuaded by "we run the latest version" when the public record shows fully patched systems still yielded meaningful compromise.
Closing
Pwn2Own Automotive 2026 will be remembered less for the prize total than for the record volume of demonstrated zero days on fully patched targets.
For most organizations, the correct response is neither panic nor dismissal. It is disciplined preparation during the coordinated disclosure window:
| Action | Timeline |
|---|---|
| Inventory what you run | Now |
| Reduce exposure where you can | Now |
| Prepare to validate and deploy fixes | Before advisories go public |
| Plan maintenance without breaking operations | Within 90 days |
If you operate EV chargers, IVI platforms, or automotive OS components, assume that Pwn2Own Automotive 2026 will translate into real advisories and real patch deadlines soon - and plan accordingly.
Frequently Asked Questions
It means researchers demonstrated 76 unique previously unknown vulnerabilities to the affected vendors, under contest rules, on fully patched targets. These issues are not necessarily exploited in the wild today, but they are credible enough to earn awards and trigger coordinated disclosure and patching. For operators, it is a signal to expect upcoming advisories and firmware updates and to prepare for rapid remediation.
Not automatically. Contest results do not equal active exploitation. However, the repetition of successful compromise against common charger platforms indicates that exposed management surfaces and protocol weaknesses can be practical targets. Organizations should assume attackers will attempt similar paths once public disclosures and fixes appear.
Because it is your lead time. Vendors have time to build patches before details become public, and defenders can use the same window to inventory assets, plan maintenance windows, and harden exposure. If you wait for advisories to go public, you will be reacting under time pressure.
Not necessarily. Modern vehicle architectures aim to separate infotainment from safety critical domains, but real deployments vary and can include bridging components and diagnostic paths. Treat IVI compromise as a serious security event, then validate segmentation and trust boundaries in your specific architecture.
Start with accurate inventory and network exposure mapping. Then restrict management access, disable or tightly control debug or lab interfaces, and build a patch validation pipeline that minimizes operational downtime. Monitoring for anomalous management traffic and enforcing segmentation can reduce blast radius even before patches arrive.
Many enterprise environments deploy EV charging on networks that were not designed for hostile conditions. Fleet operators and facilities teams should partner with security to ensure chargers are segmented, remotely managed through hardened paths, and included in vulnerability management workflows rather than treated as facilities equipment.