A remotely-exploitable vulnerability for OpenSMTPD, OpenBSD's mail server, present since May 2018, has been made public (archived). It enables an attacker to execute arbitrary shell commands with root privileges.

Notably, the proof-of-concept exploit makes use of routines which first made an appearance in the Morris worm of 1988.