EU states use the eIDAS (electronic IDentification, Authentication, and trust Services) system to authenticate parties involved in online transactions. The system allows citizens, businesses, and government entities in one EU state to access services in another member country securely, through a process that involves validating them against national databases. One of the weaknesses discovered allowed an attacker to bypass verification of the digital certificate used to sign the SAML message. A patch is included in version 2.3.1, released today and available to all member states.
Source: https://www.bleepingcomputer.com/news/security/europes-electronic-id-system-fixed-against-impersonation-risk/

