Critical Security Vulnerability in Citrix NetScaler Under Active Reconnaissance

A critical security vulnerability (CVE-2026-3055, CVSS score 9.3) affecting Citrix NetScaler ADC and NetScaler Gateway is undergoing active reconnaissance by threat actors, as reported by Defused Cyber and watchTowr. The flaw stems from insufficient input validation, resulting in a memory overread that could enable attackers to leak sensitive information. No specific exploitation or compromise incidents have been disclosed, but the reconnaissance activity indicates pre-attack targeting. The vulnerability was publicly disclosed in March 2026, though no patch release date or mitigation steps were mentioned in the report.