See if relays / bridges are running vulnerable cups-browsed
Today the cups-browsed remote vulnerability dropped:
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
https://ubuntu.com/blog/cups-remote-code-execution-vulnerability-fix-available
https://www.redhat.com/en/blog/red-hat-response-openprinting-cups-vulnerabilities
And I happened to be nearby at the time, thinking about it for my own systems, and realized (after some fumbling with nmap) that there is a straightforward way to probe which relays have it installed. I've whipped up a scanner, so we can find vulnerable relays and warn them (or eventually consider cutting them from the network if no response).
I just got my first hit for a relay running it :(, so it's time to make the ticket.
(I actually expect bridges to have a higher hit rate, since they're more likely to be on desktop systems, but who knows we will see.)