CVE-2026-3055 is a CVSS 9.3 out-of-bounds read vulnerability in Citrix NetScaler ADC and NetScaler Gateway that is under active attacker reconnaissance as of early March 2026. Exploitation could disclose sensitive memory contents including session tokens, credentials, or cryptographic material from perimeter appliances. CISA KEV status is not confirmed and EPSS is currently low (0.026%, 7th percentile), but the perimeter position of affected appliances and confirmed reconnaissance activity warrant priority patching; consult Citrix bulletin CTX696300 for affected version ranges and apply available patches before exploitation matures.