Well spotted, and well handled.
It does raise some interesting questions about processes followed for setting standards. This seems to have been there for, what, 20 years? So whatever the process that was followed to validate and verify the standard didn’t work.
By inference, the same process applied to other IETF standards should mean that we’re questioning the those other standards too, just in case.
That’s a bit meta, but it’s potentially unwise to assume that all other similarly evaluated standards are safe.