CVE-2026-3055 in Citrix NetScaler ADC and Gateway is confirmed under active exploitation as of March 27, 2026. It enables an unauthenticated memory overread that exposes live administrative session IDs and bypasses MFA entirely; CVE-2026-4368 is addressed in the same advisory (CTX696300). Affected versions are NetScaler ADC and Gateway prior to 14.1-60.58, 13.1-62.23, and 13.1-37.262, with approximately 29,000 internet-facing ADC instances and 2,250 Gateway instances estimated to be publicly exposed. Immediate actions are: restrict management interface access to trusted IPs, apply patches per CTX696300, invalidate all active administrative sessions post-patch, and rotate all NetScaler administrative credentials regardless of confirmed exploitation status.
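
To triage an inventory against the fixed builds listed above, the following added example (not code from the advisory or from Citrix) classifies NetScaler build strings. It assumes that 13.1-37.x builds are compared against 13.1-37.262 and all other 13.1 builds against 13.1-62.23; the function names, the banner-style input format and the sample inventory are constructed for illustration.

```python
import re

# Fixed builds as listed in the advisory text above, as (major, minor) tuples.
FIXED_14_1 = (60, 58)
FIXED_13_1 = (62, 23)
FIXED_13_1_37 = (37, 262)  # assumption: applies only to 13.1-37.x builds

# Accepts "14.1-60.58" and banner-style "NS14.1: Build 60.52.nc" (assumed format).
_BUILD_RE = re.compile(r"(?:NS)?(\d+\.\d+)\s*(?:-|:\s*Build\s+)(\d+)\.(\d+)", re.I)


def parse_build(text):
    """Return (release, (build_major, build_minor)) or raise ValueError."""
    m = _BUILD_RE.search(text)
    if not m:
        raise ValueError(f"no NetScaler build found in {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def triage(text):
    """Classify one build string as vulnerable, fixed, unlisted or unparsed."""
    try:
        release, build = parse_build(text)
    except ValueError:
        return "unparsed"
    if release == "14.1":
        fixed = FIXED_14_1
    elif release == "13.1":
        fixed = FIXED_13_1_37 if build[0] == 37 else FIXED_13_1
    else:
        return "unlisted"  # release train not named above: review manually
    # Integer tuples order 60.9 before 60.58; string comparison would not.
    return "vulnerable" if build < fixed else "fixed"


def triage_inventory(inventory):
    """Map each host to its triage status."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed inventory for illustration; hostnames and builds are made up.
SAMPLE_INVENTORY = {
    "adc-01.example.internal": "NetScaler NS14.1: Build 60.52.nc",
    "adc-02.example.internal": "14.1-60.58",
    "gw-01.example.internal": "13.1-37.250",
    "gw-02.example.internal": "12.1-65.25",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unlisted` or `unparsed` need manual review against CTX696300 rather than being treated as safe.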