Command injection in a qmail fork (not the original!) - CVE-2026-41113:
"On the wire, a DNS label is just a length byte followed by up to 63 arbitrary bytes; RFC 1035 lets you put nearly anything in there, and most recursive resolvers will happily pass it through."
https://blog.calif.io/p/we-asked-claude-to-audit-sagredos#LLM