1 article
Fortinet's threat intelligence team has confirmed large-scale active exploitation of CVE-2026-3055, the Citrix NetScaler SAML IDP memory overread vulnerability (CVSSv4 9.3) patched in March. More than 65 days after the patch was available, thousands of internet-facing NetScaler ADC appliances remain unpatched and are being targeted by automated exploitation frameworks.