CVE-2026-3055, an unauthenticated out-of-bounds memory read in Citrix NetScaler ADC and NetScaler Gateway, is confirmed in CISA KEV and is simultaneously under active internet reconnaissance per multiple security researchers — two intelligence items in this rollup address the same CVE, reinforcing elevated urgency. Exploitation can expose in-memory credentials, session tokens, and cryptographic material, with risk heightened for appliances configured in the SAML Identity Provider role. Patch immediately via the official Citrix security advisory (CTX696300); rotate all credentials and session tokens active on affected appliances during the exposure window. Note: a co-reported CVE (CVE-2026-4368) has been referenced by at least one secondary source — verify scope against the Citrix advisory.