A critical vulnerability, CVE-2026-3055, has been discovered in Citrix NetScaler devices, posing a significant threat to organizations that rely on them for identity and authentication management. The out-of-bounds read flaw, rated 9.3 on the CVSS scale, affects customer-managed NetScaler ADC and NetScaler Gateway appliances configured as a SAML IDP. Experts warn that leaving it unpatched expands the active attack surface. Its severity is comparable to the widely exploited CitrixBleed and CitrixBleed2 flaws, underscoring the need for immediate patching. Organizations should prioritize patching based on their exposure and on evidence of exploitation. The disclosure of CVE-2026-3055 highlights the importance of prompt vulnerability management: failure to act can have severe consequences, so practitioners should patch without delay to prevent potential security breaches.
New critical Citrix NetScaler hole of similar severity to CitrixBleed2, says expert
Why This Matters
CVE-2026-3055 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- CSO Online. (2026, March 25). New critical Citrix NetScaler hole of similar severity to CitrixBleed2, says expert. *CSO Online*. https://www.csoonline.com/article/4150224/new-critical-citrix-netscaler-hole-of-similar-severity-to-citrixbleed2-says-expert.html
Original Source
CSO Online