A second memory overread vulnerability has been identified in Citrix NetScaler appliances under CVE-2026-3055, affecting the '/wsfed/passive?wctx' endpoint. By sending a specially crafted GET request with an empty 'wctx' parameter, attackers can force the appliance to leak sensitive memory, including administrative session IDs, via the 'NSC_TASS' cookie. Active in-the-wild exploitation has been observed since late March.