The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Citrix NetScaler vulnerability (CVE-2026-3055) to its catalog of known exploited vulnerabilities, citing evidence of active attacks. Federal agencies are required to patch the flaw under binding federal directive, and CISA is urging all organizations to prioritize remediation to reduce exposure to cyberattacks.