NPE itself isn’t likely to be exploitable, no, but what I had in mind was more along the lines of code with logic errors handling rare cases where something is null. There’s a lot of tooling designed to catch things like that but the worst code bases tend not to use them because they’d need a lot of cleanup.