kimh

Found an RCE trust_remote_code=False bypass in huggingface Transformers. $750+ bounty

@D0ct3rStr Found some 0-day RCEs in Ollama and LM Studio and submitted my entries for Pwn2Own. Both are still unpatched, so I’m gutted I won’t be making it this time 😢 I’ll be posting the full analysis once the fixes are out :)

@desckimh that's great, I couldnt find a way to rce ollama. Hope I can read your analysis soon

Missed out on Pwn2Own2026 Berlin because it was way too crowded this time. 🥲 Well, here’s the Ollama RCE that I was going to bring. Still unpatched and working (v0.22.1 in the video, but still working)

@ryotkak @thezdi Me too

Does anyone have a direct contact at @thezdi? I've been trying to register my Pwn2Own entries for the past 3 weeks but still haven't received a clear response. I'll have to cancel my flight and hotel by May 10th if my entries aren't confirmed.

@thezdi I still haven't received a reply to the registration email I sent 3 days ago. I guess the @thezdi is very busy😢. Could you check my email? I have to book a flight, but I don’t have time⏳

We're less than 24 hours from the close of registration for #Pwn2Own Berlin! Get your submissions in while you still can.

My first two CVEs(CVE-2025-66959, CVE-2025-66960) discovered in Ollama have been published. Just audit my eyes👀