At the Pwn2Own Automotive 2026 competition in Tokyo, security researchers exploited 37 zero-day vulnerabilities in the Tesla Infotainment System, earning a total of $516,500 on the first day. The Synacktiv Team garnered $35,000 after successfully executing a USB-based attack that yielded root permissions through a combination of an information leak and an out-of-bounds write flaw.
Additionally, teams including Fuzzware.io and PetoWorks also secured substantial awards. Fuzzware.io collected $118,000 for hacking multiple chargers and a navigation receiver, while PetoWorks earned $50,000 for exploiting three vulnerabilities in a charging controller. Team DDOS also made an impact, receiving $72,500 for attacks on various charging stations.
The ongoing event runs from January 21 to January 23, with further challenges planned for the second day. Vendors have a strict 90-day timeline to address the identified vulnerabilities before they are disclosed publicly by TrendMicro's Zero Day Initiative. This year's competition follows the previous event in 2025, where hackers earned $886,250 by exploiting 49 vulnerabilities.