Citrix NetScaler ADC and Gateway are affected by a critical out-of-bounds read vulnerability (CVE-2026-3055, CVSS 9.3) that has been confirmed as actively exploited and added to the CISA KEV catalog. The same CVE is represented by two intelligence items: one confirming active exploitation and KEV status (priority 0.85, flash priority), and a second confirming active pre-exploitation reconnaissance captured via honeypot telemetry (priority 0.459). Organizations should immediately restrict external access to SAML IDP endpoints, apply the vendor patch upon availability per the Citrix NetScaler Console remediation advisory, and treat any anomalous SAML IDP probe traffic as targeted activity.