Security researchers made headlines at Pwn2Own Automotive 2026 by successfully hacking the Tesla Infotainment System and earning $516,500 on the first day of the competition. The event, held during the Automotive World 2026 conference in Tokyo, Japan, saw multiple teams demonstrating high-impact zero-day exploits against modern automotive systems.
The Synacktiv Team claimed $35,000 by chaining an information leak with an out-of-bounds write vulnerability to gain root access on Tesla’s Infotainment System in the USB-based attack category. They also chained three vulnerabilities to achieve root-level code execution on the Sony XAV-9500ES digital media receiver, earning an additional $20,000.
Fuzzware.io took home $118,000 after compromising several devices, including an Alpitronic HYC50 charging station, an Autel charger, and a Kenwood DNR1007XR navigation receiver. Meanwhile, PetoWorks earned $50,000 for chaining three zero-days to gain root access on a Phoenix Contact CHARX SEC-3150 charging controller, and Team DDOS collected $72,500 for exploiting the ChargePoint Home Flex, the Autel MaxiCharger, and the Grizzl-E Smart 40A EV charger.
On the second day of the contest, multiple teams are scheduled to target high-value EV chargers again. The Grizzl-E Smart 40A will face attacks from four teams, while the Autel MaxiCharger will be targeted by three teams. Two teams will attempt to root the ChargePoint Home Flex, with each successful attempt rewarding hackers $50,000. Fuzzware.io will also attempt to hack the Phoenix Contact CHARX SEC-3150, which carries a $70,000 prize for a successful exploit.
Vendors have 90 days to release security patches before Trend Micro’s Zero Day Initiative publicly discloses the flaws exploited during the competition.
The Pwn2Own Automotive event focuses on modern automotive technologies, including fully patched in-vehicle infotainment (IVI) systems, electric vehicle chargers, and automotive operating systems like Automotive Grade Linux.
For comparison, the 2025 Pwn2Own Automotive contest concluded with hackers collecting $886,250 after demonstrating 49 zero-day vulnerabilities, and the first contest in 2024 saw participants earn $1,323,750 after hacking multiple EV systems, including Tesla vehicles twice.
Found this article interesting? Follow us on X (Twitter) , Facebook, Blue sky and LinkedIn to read more exclusive content we post.
