Blog

Pwn2Own Automotive 2026 set a new record with 76 unique zero-day vulnerabilities discovered, exposing the rapidly expanding attack surface across SDVs, IVI systems, and EV charging infrastructure. The final day crowned Fuzzware.io as Master of Pwn 2026, with 28 Master of Pwn points.

Pwn2Own Automotive 2026 set a new record with 76 unique zero-day vulnerabilities discovered, exposing the rapidly expanding attack surface across SDVs, IVI systems, and EV charging infrastructure. The final day crowned Fuzzware.io as Master of Pwn 2026, with 28 Master of Pwn points.

Pwn2Own Automotive 2026 set a new record with 76 unique zero-day vulnerabilities discovered, exposing the rapidly expanding attack surface across SDVs, IVI systems, and EV charging infrastructure. The final day crowned Fuzzware.io as Master of Pwn 2026, with 28 Master of Pwn points.

Pwn2Own Automotive 2026 set a new record with 76 unique zero-day vulnerabilities discovered, exposing the rapidly expanding attack surface across SDVs, IVI systems, and EV charging infrastructure. The final day crowned Fuzzware.io as Master of Pwn 2026, with 28 Master of Pwn points.

Pwn2Own Automotive 2026 set a new record with 76 unique zero-day vulnerabilities discovered, exposing the rapidly expanding attack surface across SDVs, IVI systems, and EV charging infrastructure. The final day crowned Fuzzware.io as Master of Pwn 2026, with 28 Master of Pwn points.

Pwn2Own Automotive 2026 Day 1 opened with record-breaking momentum, with researchers successfully compromising infotainment systems, EV chargers, and Tesla interfaces—highlighting how expansive today’s automotive attack surface has become. The surge in entries and chained exploits confirms a clear shift: in the SDV era, automotive cyber risk is no longer isolated to the vehicle, but systemic across the entire ecosystem.

Day 2 delivered 29 new zero-days, pushing the total to a record 66. Researchers repeatedly compromised Level 2/3 EV chargers and IVI systems using practical flaws like exposed interfaces and command injection. The takeaway: automotive and charging infrastructure attacks are now repeatable at scale—shifting cyber risk from theoretical to immediate operational impact.

Pwn2Own Automotive 2026 exposes critical zero-day vulnerabilities in software-defined vehicles before they escalate into real-world business and operational risk. By ensuring zero-day vulnerabilities move from exposure to resolution, the event transforms discovery into Automotive Foresight—helping organizations stay ahead of risk before it reaches the road.

We analyze the multiple zero-day vulnerabilities discovered in popular aftermarket automotive devices, map them to the Automotive Threat Matrix, and illustrate how attackers could exploit these critical flaws in real-world scenarios.

An analysis of the recent immobilization incident affecting a luxury car brand: what happened, what likely didn’t, and how car manufacturers can prevent anti-theft systems from compromising vehicle availability and safety.

We examine the electric vehicle (EV) charging communication vulnerabilities revealed at the recent DEF CON 33, highlighting their mitigations and broader industry impacts.

We examine the vulnerabilities discovered in an EV charger during Pwn2Own Automotive to reveal where EVSE cybersecurity standards fall short and why stronger, unified measures are critical for securing the charging infrastructure.