It is also possible to list WPA version without installing some tools.
logread | grep auth_alg
sae is WPA3 and open is WPA2.
Example:
Thu Jan 9 13:14:47 2025 daemon.notice hostapd: phy0-ap0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx auth_alg=sae
Thu Jan 9 15:23:10 2025 daemon.notice hostapd: phy1-ap0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx auth_alg=open
Thu Jan 9 15:25:00 2025 daemon.notice hostapd: phy0-ap0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx auth_alg=open
Thu Jan 9 18:11:22 2025 daemon.notice hostapd: phy0-ap0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx auth_alg=sae