Tesla compromised as 37 zero-day vulnerabilities

Tesla compromised as 37 zero-day vulnerabilities are demonstrated at Pwn2Own Automotive 2026 Source: BleepingComputer www.bleepingcomputer.com/news/secu… Security researchers compromised the Tesla Infotainment System and earned a total of $516,500 after successfully exploiting 37 zero-day vulnerabilities on the first day of the Pwn2Own Automotive 2026 competition. The Synacktiv team earned $35,000 after chaining an information disclosure vulnerability with an out-of-bounds write flaw to obtain root privileges on the Tesla Infotainment System in the USB-based attack category. The team also chained three vulnerabilities to achieve root-level code execution on the Sony XAV-9500ES digital media receiver, earning an additional $20,000. The Fuzzware.io team earned $118,000 after compromising an Alpitronic HYC50 charging station, an Autel charger, and a Kenwood DNR1007XR navigation receiver. PetoWorks received $50,000 for chaining three zero-day vulnerabilities to gain root access on a Phoenix Contact CHARX SEC-3150 charging controller. Team DDOS earned $72,500 after successfully hacking the ChargePoint Home Flex, the Autel MaxiCharger, and the Grizzl-E Smart 40A electric vehicle charging station. On the second day of the competition, four teams are scheduled to target the Grizzl-E Smart 40A, three teams will attempt to compromise the Autel MaxiCharger, and two teams will target the ChargePoint Home Flex. Each successful exploit is eligible for a $50,000 reward.