CVE-2026-3055 (CVSS 9.3, Critical) affects Citrix NetScaler ADC and NetScaler Gateway appliances and is currently under active reconnaissance by threat actors probing internet-exposed instances; EPSS percentile of 97 signals high near-term exploitation probability despite the absence of a CISA KEV listing at time of reporting. Secondary reporting suggests the vulnerability may enable sensitive data leakage and possibly represents multiple bundled flaws under a single CVE identifier, which could complicate remediation scoping. Organizations should immediately inventory and restrict internet exposure of NetScaler management interfaces, apply the Citrix advisory patch once vendor-confirmed version details are available, and prioritize log review for T1595.002 scanning indicators now rather than waiting for a KEV listing.