Release date:
This release include a security fix that allowed attacker to use disabled Identity Providers.
▪ CVE-2026-3009 found in keycloak IDP management
Description: If you have two Identity Providers (IDP) and disable one, attacker can still use the disabled IDP to connect to Wiiisdom Cloud Platform if they manage to get a valid SAML assumption.
ID: WCPC-93
