A critical vulnerability in Citrix NetScaler, tracked as CVE-2026-3055, has been added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities catalog, indicating that it is being actively exploited by attackers. This flaw, which has a CVSS score of 9.3, allows unauthenticated attackers to leak sensitive data. Citrix issued security updates for this vulnerability in March, but its inclusion in the CISA catalog suggests that patching should be a priority. The vulnerability's active exploitation status, as determined by CISA, will dictate whether this is a patch-now or monitor situation1. This development is significant for practitioners, as it highlights the need for prompt action to mitigate the risk of sensitive data leakage, so it matters that security teams take immediate action to patch or mitigate this vulnerability to prevent potential breaches.