Errata patches for the kernel have been released for OpenBSD 6.6 and 6.7. Malicious HID descriptors could be misparsed.
Binary updates for the amd64, i386, and arm64 platforms are available via the syspatch utility. Source code patches can be found on the respective errata page: https://www.openbsd.org/errata66.html https://www.openbsd.org/errata67.html As these affect the kernel, a reboot will be needed after patching.
