What happened
SimpleChat, Microsoft's open-source secure AI conversation application for personal/group document-grounded workspaces, exposed admin-only plugin validation and test-instantiation routes without any authentication check.
Why it matters
Unauthenticated access to plugin test-instantiation in an AI conversation platform can allow attackers to probe, abuse, or trigger unintended plugin execution against a deployment meant to be restricted to trusted administrators, undermining the platform's security boundary for document-grounded enterprise chat.
Attack vector
Several plugin validation routes, including POST /api/admin/plugins/test-instantiation and related admin endpoints in plugin_validation_endpoint.py, did not enforce authentication, letting unauthenticated users invoke plugin instantiation/testing functionality intended for administrators.
Affected systems
SimpleChat prior to 0.241.206
Mitigation
Upgrade to SimpleChat 0.241.206 or later. Fix documented at PLUGIN_VALIDATION_ROUTE_AUTH_FIX.md in the project repo.