Splunk has released patches for multiple security vulnerabilities across its product line, including a high-severity flaw in Splunk Enterprise and Cloud Platform that could allow low-privileged users to upload malicious files and execute remote code. The company also fixed a separate high-severity issue in its MCP Server app that could expose users' session tokens and authorization data to authenticated attackers with administrative access. Splunk says there's no evidence these vulnerabilities have been exploited in the wild, and patches are now available for affected versions.