"Predictably, they decided to implement a super-complex XML parser [...] It will also accept the same parameter via query string in a GET request, except in that case the base64-encoded XML document is additionally compressed."

#Citrix should do CTF challenges instead of security appliances, really.

https://labs.watchtowr.com/the-sequels-are-never-as-good-but-were-still-in-pain-citrix-netscaler-cve-2026-3055-memory-overread/