Security advisories

This page lists security advisories that may affect Mistral SDKs, packages, or developer tooling.

Reference: MAI-2026-002 Status: Under investigation
Published: May 12, 2026
Impact: Potential risk to systems that installed affected packages

Mistral was impacted by a supply chain attack related to the TanStack security incident. An automated worm associated with the attack led to compromised NPM and PyPi packages versions being published.

Current investigation indicates that an affected developer device was involved. We have no indication that Mistral infrastructure was compromised.

Github security advisories:

• PyPi: GHSA-wx9m-wx4f-4cmg
• npm: GHSA-jgg6-4rpr-wfh7

The compromised npm packages are inoffensive. Setup.mjs references a file that does not exist making it useless. We still recommend removing them if you are impacted, see IOC.

The compromised PyPi package runs on a malicious script on import. It spawns a background process to harvest credentials from common locations. To check if you are impacted see IOC.

You are affected if one of the package versions below was installed in any environment during the exposure window or is present in a lockfile, build artifact, container image, package cache, or deployment image.

Check installed version:

pip show mistralai | grep -i ^version

pip show mistralai | grep -i ^version

Check common Python dependency files and lockfiles:

grep -n -E 'mistralai\b.*2\.4\.6' \
  requirements*.txt pyproject.toml uv.lock poetry.lock Pipfile Pipfile.lock 2>/dev/null

grep -n -E 'mistralai\b.*2\.4\.6' \
  requirements*.txt pyproject.toml uv.lock poetry.lock Pipfile Pipfile.lock 2>/dev/null

The malicious code was injected into src/mistralai/client/__init__.py and runs at import time on Linux only. It downloads https://83.142.209.194/transformers.pyz to /tmp/transformers.pyz and executes it as a detached background process.

Look for any of the following on Linux hosts that may have run import mistralai from version 2.4.6:

• File /tmp/transformers.pyz
• Process started via python /tmp/transformers.pyz
• Environment variable MISTRAL_INIT=1
• Outbound connections to 83.142.209.194

You may also run the following script which will flag known malicious files.

If the command finds an affected version, continue with the remediation steps below. If you use private package mirrors, caches, or container base images, check those copies too.

Check installed versions:

npm ls @mistralai/mistralai @mistralai/mistralai-azure @mistralai/mistralai-gcp

npm ls @mistralai/mistralai @mistralai/mistralai-azure @mistralai/mistralai-gcp

Check common JavaScript lockfiles:

grep -n -A 4 -B 2 -E '@mistralai/(mistralai|mistralai-azure|mistralai-gcp)|2\.2\.[2-4]|1\.7\.[1-3]' \
  package-lock.json pnpm-lock.yaml yarn.lock 2>/dev/null

grep -n -A 4 -B 2 -E '@mistralai/(mistralai|mistralai-azure|mistralai-gcp)|2\.2\.[2-4]|1\.7\.[1-3]' \
  package-lock.json pnpm-lock.yaml yarn.lock 2>/dev/null

Look for any of the following files

• router_init.js (embedded in all @tanstack packages): ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c
• tanstack_runner.js (from git commit): 2ec78d556d696e208927cc503d48e4b5eb56b31abc2870c2ed2e98d6be27fc96
• @tanstack/setup package.json: 7c12d8614c624c70d6dd6fc2ee289332474abaa38f70ebe2cdef064923ca3a9b

1. Stop using the affected package version immediately.
2. Clean systems where one of these packages has been installed
3. Rotate all secrets accessible from those systems.
4. Check cloud audit logs for suspicious activities.
5. Monitor connections to the following C2 indicators:
   • api[.]masscan[.]cloud
   • filev2[.]getsession[.]org
   • git-tanstack[.]com
   • seed1[.]getsession[.]org
   • 83[.]142[.]209[.]194 (PyPi payload host)

• 12/05/2026 - 16:11 CET: Updated the severity of compromised NPM packages following our internal findings