But if it isn't breaking the consensus rules, then technically, it isn't an "exploit". Perhaps in your opinion it is, but it's debatable.
It is an exploit when it is not the expected behavior and when it is using an oversight by the developers who left the validation rules loose.