Pwn2Own Automotive 2026 in Tokyo awarded security researchers $1,047,000 after they exploited 76 zero-day vulnerabilities across in-vehicle infotainment systems, EV chargers, and car operating systems. Team Fuzzware.io topped the leaderboard with $215,000, followed by Team DDOS and Synactiv, and vendors have 90 days to patch reported zero-days before public disclosure. #Pwn2OwnAutomotive2026 #Fuzzwareio
Keypoints
- Pwn2Own Automotive 2026 paid out $1,047,000 for 76 zero-day vulnerabilities.
- The competition targeted fully patched IVI systems, EV chargers, and car OSes like Automotive Grade Linux.
- Team Fuzzware.io won the event with $215,000, followed by Team DDOS and Synactiv.
- Vendors have 90 days to develop and release fixes before Trend Microβs ZDI publicly discloses the zero-days.
- The Tokyo event during Automotive World continues a trend of large payouts seen in previous years.