Pwn2Own Automotive 2026: Uncovering 37 Unique Zero-Days

January 22, 2026
VicOne

Hosted by VicOne in collaboration with TrendAI Zero Day Initiative (ZDI), Pwn2Own Automotive 2026 transformed Tokyo Big Sight into a global epicenter of automotive vulnerability research. The event convened elite security researchers from around the world, all focused on one objective: uncovering real-world, exploitable zero-day vulnerabilities in modern automotive technologies. 

 

A Record-Setting Start 

Pwn2Own Automotive 2026 set a new benchmark for the competition, underscored not only by record participation but also by expanded industry backing. This year, alongside Title Sponsor Tesla, Alpitronic joins as another key partner, reflecting the growing recognition that charging infrastructure is now a critical pillar of the automotive cybersecurity landscape.

The 2026 contest drew 73 total entries, with 30 attempts scheduled on Day 1 alone, selected through a random draw. Targets spanned: 

  • In-Vehicle Infotainment (IVI) systems 
  • Level 2 and Level 3 EV chargers 
  • Tesla interfaces 


Figure 1. Brian Gorenc, Vice President of Threat Research at TrendAI ZDI, Max Cheng, CEO of VicOne, and Adam Laurie, Chief Information/Product Security Officer of Alpitronic, during the opening ceremonies of Pwn2Own Automotive 2026


From IVI Systems to EV Chargers 

The first successful exploit of the day came from Neodyme, which leveraged a stack-based buffer overflow to gain a root shell on the Alpine iLX-F511 IVI system. 

Figure 2. Neodyme successfully executing its attack against the Alpine iLX-F511

Synacktiv, Master of Pwn 2024, delivered one of the day’s most notable performances. The team was the only competitor to attempt the Tesla infotainment USB-based attack, and it succeeded, chaining two vulnerabilities (an information leak and an out-of-bounds write) to achieve full compromise. Synacktiv also chained three vulnerabilities to gain root-level code execution on the Sony XAV-9500ES IVI system.

Figure 3. Synacktiv successfully completing its Tesla attempt at Pwn2Own Automotive 2026

Fuzzware.io achieved a rapid win against a new Level 3 EV charger target, the Alpitronic HYC50 (Field Mode), exploiting a single out-of-bounds write. The team earned the highest Master of Pwn points for Day 1 and went on to chain additional vulnerabilities against the Autel charger, enabling code execution and charging signal manipulation. They also demonstrated an n-day command injection against the Kenwood DNR1007XR. 

Newcomers Petoworks secured a Round 1 win by chaining a denial-of-service, race condition, and command injection against the Phoenix Contact CHARX SEC-3150. Team Zeroshi, the event’s first Sicilian competitor, followed with a Round 2 win on the same target by exploiting five distinct bugs—the longest exploit chain observed on Day 1. 

By the end of the first day, researchers had uncovered 37 unique zero-day vulnerabilities, setting a new benchmark for the competition, up from 17 zero-days on Day 1 in 2025.

        
| Attempt | Category | Result |
|---|---|---|
| Hacking Group targeting Kenwood DNR1007XR | In-Vehicle Infotainment (IVI) Systems | Failed |
| Fuzzware.io targeting Autel MaxiCharger AC Elite Home 40A EV Charger with Charging Connector Protocol / Signal Manipulation add-on | Level 2 Electric Vehicle (EV) Chargers | Success |
| Neodyme targeting Alpine iLX-F511 | In-Vehicle Infotainment (IVI) Systems | Success |
| Team DDOS targeting ChargePoint Home Flex (Model CPH50-K) with Charging Connector Protocol / Signal Manipulation add-on | Level 2 Electric Vehicle (EV) Chargers | Success |
| 299 targeting Grizzl-E Smart 40A | Level 2 Electric Vehicle (EV) Chargers | Success |
| Petoworks targeting Phoenix Contact CHARX SEC-3150 with Charging Connector Protocol / Signal Manipulation add-on | Level 2 Electric Vehicle (EV) Chargers | Success |
| Fuzzware.io targeting Kenwood DNR1007XR | In-Vehicle Infotainment (IVI) Systems | Success |
| Synacktiv targeting Sony XAV-9500ES | In-Vehicle Infotainment (IVI) Systems | Success |
| Compass Security targeting Alpine iLX-F511 | In-Vehicle Infotainment (IVI) Systems | Success |
| Yannik Luca Marchand targeting Kenwood DNR1007XR | In-Vehicle Infotainment (IVI) Systems | Success |
| CIS targeting Alpine iLX-F511 | In-Vehicle Infotainment (IVI) Systems | Failed |
| Synacktiv targeting Tesla Infotainment USB-based Attack | Tesla Infotainment USB-based Attack | Success |
| Fuzzware.io targeting EMPORIA Pro Charger Level 2 with Charging Connector Protocol / Signal Manipulation add-on | Level 2 Electric Vehicle (EV) Chargers | Failed |
| Compass Security targeting Grizzl-E Smart 40A with Charging Connector Protocol / Signal Manipulation add-on | Level 2 Electric Vehicle (EV) Chargers | Success / Collision |
| Team DDOS targeting Autel MaxiCharger AC Elite Home 40A EV Charger with Charging Connector Protocol / Signal Manipulation add-on | Level 2 Electric Vehicle (EV) Chargers | Success / Collision |
| GMO Cybersecurity by Ierae, Inc. targeting Kenwood DNR1007XR | In-Vehicle Infotainment (IVI) Systems | Success / Collision |
| Mia Miku Deutsch targeting Alpine iLX-F511 | In-Vehicle Infotainment (IVI) Systems | Success |
| Fuzzware.io targeting Alpitronic HYC50 Level 3 EV Charger | Level 3 Electric Vehicle (EV) Chargers | Success |
| CyCraft Technology targeting Grizzl-E Smart 40A | Level 2 Electric Vehicle (EV) Chargers | Success / Collision |
| Zeroshi targeting Phoenix Contact CHARX SEC-3150 with Charging Connector Protocol / Signal Manipulation add-on | Level 2 Electric Vehicle (EV) Chargers | Success |
| Interrupt Labs targeting Kenwood DNR1007XR | In-Vehicle Infotainment (IVI) Systems | Success |
| 78 ResearchLab targeting Alpine iLX-F511 | In-Vehicle Infotainment (IVI) Systems | Success / Collision |
| Team DDOS targeting Grizzl-E Smart 40A with Charging Connector Protocol / Signal Manipulation add-on | Level 2 Electric Vehicle (EV) Chargers | Success / Collision |
| Fuzzware.io targeting Sony XAV-9500ES | In-Vehicle Infotainment (IVI) Systems | Failed |
| Viettel Cyber Security targeting ChargePoint Home Flex (Model CPH50-K) | Level 2 Electric Vehicle (EV) Chargers | Failed |
| FPT NightWolf targeting Kenwood DNR1007XR | In-Vehicle Infotainment (IVI) Systems | Success / Collision |
| Team K targeting Alpine iLX-F511 | In-Vehicle Infotainment (IVI) Systems | Success |
| 78 ResearchLab targeting Phoenix Contact CHARX SEC-3150 | Level 2 Electric Vehicle (EV) Chargers | Success / Collision |
| Jonathan Conrad targeting Grizzl-E Smart 40A | Level 2 Electric Vehicle (EV) Chargers | Failed |
| ANHTUD targeting Sony XAV-9500ES | In-Vehicle Infotainment (IVI) Systems | Success |

Table 1. The complete contest results of Pwn2Own Automotive 2026 Day One

Note: An attempt is designated a “collision” if it involves a non-unique vulnerability (discovered by another researcher or previously known). An attempt marked as a “success/collision” involves a combination of unique and previously known vulnerabilities.


What Day 1 Signals for the Automotive Industry 

Day 1 of Pwn2Own Automotive 2026 marks a clear escalation from previous years. Compared to 2024 and 2025, this year saw: 

  • Higher researcher participation
  • Broader and more realistic targets
  • Greater reliance on chained exploits rather than isolated flaws 

Notably, many successful attacks leveraged hard-coded credentials, logic flaws, race conditions, and signal manipulation—techniques that mirror real-world attack paths rather than theoretical weaknesses.


Just the Beginning 

Day 1 set the pace, but the competition is far from over. More vulnerabilities remain undiscovered, and the most complex attack chains may still lie ahead. Will we see another creative exploit against EV charging infrastructure—or even a researcher running Doom on an IVI system? 

  


Stay tuned for updates from day two of Pwn2Own Automotive 2026 by following VicOne (LinkedIn, X, blog) and the ZDI (LinkedIn, X, blog). 

 

With contributions from Dustin Childs of the ZDI (for details taken from ZDI blog) 
