In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue.
Created nethack tracking bugs for this issue:
Affects: epel-8 [bug 1812231]
Affects: fedora-all [bug 1812230]
Before these bugs were filed, I had already submitted an update that fixes all these: