CVE-2026-3055 (CVSS 9.5) is an actively exploited memory overread in NetScaler ADC and Gateway that allows unauthenticated extraction of in-memory session tokens from SAML and WS-Federation endpoints, enabling full appliance takeover without re-authentication. The attack pattern directly parallels CitrixBleed (CVE-2023-4966), which was previously abused by ransomware operators and nation-state actors. A companion vulnerability, CVE-2026-4368, was disclosed in the same Citrix bulletin CTX696300; patches are available for both and should be applied immediately to all appliances running versions prior to 14.1-60.58, 13.1-62.23, or 13.1-37.262, with mandatory session termination and credential rotation following patch deployment.
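Added example, not from Citrix or the original text: a triage helper that checks appliance version strings against the three fixed builds quoted above. It assumes 13.1-37.x is its own release line (so it is compared only with 13.1-37.262), that release lines with no fixed build listed here go to manual review, and that the hostnames and inventory are constructed sample data.

```python
import re

# Fixed builds quoted in the text above, keyed by (major, minor, build line).
# Assumption: 13.1-37.x is a separate line and is compared only with 13.1-37.262.
FIXED = {
    (14, 1, None): (60, 58),
    (13, 1, 37): (37, 262),
    (13, 1, None): (62, 23),
}
_PATTERNS = (
    re.compile(r"(\d+)\.(\d+)-(\d+)\.(\d+)"),               # e.g. 14.1-60.58
    re.compile(r"NS(\d+)\.(\d+):\s*Build\s+(\d+)\.(\d+)"),  # 'show version' banner
)

def parse_build(text):
    """Return (major, minor, build, patch), or None if no build string is found."""
    for pat in _PATTERNS:
        m = pat.search(text)
        if m:
            return tuple(int(g) for g in m.groups())
    return None

def triage(text):
    """Classify a version string: 'patched', 'vulnerable', 'review' or 'unparsed'."""
    v = parse_build(text)
    if v is None:
        return "unparsed"
    major, minor, build, patch = v
    fixed = FIXED.get((major, minor, build)) or FIXED.get((major, minor, None))
    if fixed is None:
        return "review"  # release line with no fixed build listed above
    return "patched" if (build, patch) >= fixed else "vulnerable"

# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE_INVENTORY = {
    "adc-edge-01.example.internal": "14.1-60.58",
    "adc-edge-02.example.internal": "NetScaler NS14.1: Build 43.50.nc",
    "adc-fips-01.example.internal": "13.1-37.262",
    "adc-fips-02.example.internal": "13.1-37.250",
    "adc-old-01.example.internal": "12.1-65.25",
}

def needs_action(inventory):
    """Return {host: status} for every appliance not confirmed patched."""
    results = {host: triage(ver) for host, ver in inventory.items()}
    return {h: s for h, s in results.items() if s != "patched"}

if __name__ == "__main__":
    for host, status in sorted(needs_action(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{status}")
```

A `patched` result only covers the build check; the session termination and credential rotation described above still apply after the upgrade.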