It's not specified how Key Servers react when many group members leave at the same time. For example, if 3 members leave a same group, did the key manager sends three keys (KEK,TEK), and only the last one will be available for future connections ? Or did the key manager optimizes the rekeying and sends only one key ?
On itself it's not insecure. You can extract the session keys from memory (not impossible but tricky).
I guess what you're looking for is a red button to clear SAs on all devices?
In which case:
Specifically "clear crypto gdoi ks members now"
Was there any particular risk you were thinking about?