How to find Nginx UI installations on your network
ID: 26bd09f5-e3e8-5aba-8018-42e7dc1ef572
STIX ID: report--26bd09f5-e3e8-5aba-8018-42e7dc1ef572
Feed Name: runZero Blog
Nginx UI has a critical vulnerability (CVE-2026-27944, CVSS 9.8) where the /api/backup endpoint lacks authentication and returns the AES-256 key and IV in plaintext, enabling unauthenticated attackers to download and decrypt full system backups containing credentials, session tokens, and SSL private keys. Affected versions are all releases prior to 2.3.3; users are advised to upgrade to 2.3.3 or later. A runZero query is provided to find potentially vulnerable systems.
