CVE 2021-3461

A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].

See the CVE page on Mitre.org for more details.