The source contains a few buffer overruns which could crash the server or - possibly - be exploited to execute arbitrary code. However, up until now nothing has been discovered that doesn't require local or rcon access (AFAIK).
This thread might be an interesting read.