"We now have another confirmation on Twitter that remote code is executed and a glimpse into what the script is... it appears to be benign."

https://github.com/acmesh-official/acme.sh/issues/4659

It was not. Don't use acme.sh.

I went down the acme/HiCA/RCE rabbit hole a year or so ago and, while I don't remember the specifics, my feeling was that the RCE was not that dangerous and was put into place by greedy scammers thwarting the rules of cert (re)selling and not by shadowy actors trying to infiltrate sensitive infra ...

Is there new information ? Was my impression wrong ?