PT-2026-44735 · Npm · @Mistralai/Mistralai+2

Published

2026-05-18

·

Updated

2026-05-18

CVSS v3.1

0.0

None

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
Mistral npm @mistralai/mistralai, @mistralai/mistralai-azure, @mistralai/mistralai-gcp were compromised by a supply chain attack related to the TanStack security incident. An automated worm associated with the attack led to compromised npm package versions being published.
Current investigation indicates that an affected developer device was involved. We have no indication that Mistral infrastructure was compromised. The compromised versions were removed from npm. They were available only between May 11 at 22:45 UTC and May 12 at 01:53 UTC. Previous and later versions are not affected by this advisory.

Impact

The dropper is broken, it has no impact.
  • setup.mjs references tanstack runner.js but the payload file is named router init.js
    • execFileSync throws ENOENT and the tmpdir is wiped before payload runs. Bun gets downloaded to a tmpdir but no payload execution.
We still recommend removing the packages, see below for remediation.

Check whether you are affected

You are affected if one of the package versions above was installed in any environment during the exposure window or is present in a lockfile, build artifact, container image, package cache, or deployment image.
PackageAffected versions
@mistralai/mistralai2.2.2, 2.2.3, 2.2.4
@mistralai/mistralai-azure1.7.1, 1.7.2, 1.7.3
@mistralai/mistralai-gcp1.7.1, 1.7.2, 1.7.3
Check installed versions:
bash
npm ls @mistralai/mistralai @mistralai/mistralai-azure @mistralai/mistralai-gcp
grep -n -A 4 -B 2 -E '@mistralai/(mistralai|mistralai-azure|mistralai-gcp)|2.2.[2-4]|1.7.[1-3]' 
 package-lock.json pnpm-lock.yaml yarn.lock 2>/dev/null
Look for any of the following files
  • router init.js (embedded in all @tanstack packages): ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c
  • tanstack runner.js (from git commit): 2ec78d556d696e208927cc503d48e4b5eb56b31abc2870c2ed2e98d6be27fc96
  • @tanstack/setup package.json: 7c12d8614c624c70d6dd6fc2ee289332474abaa38f70ebe2cdef064923ca3a9b
You may also run this (read-only) script that will automatically flag known malicious files.
You are not affected by this advisory if you did not install the affected package versions and they are not present in your lockfiles, build caches, deployment artifacts, or package mirrors.
If the command finds an affected version, continue with the remediation steps below. If you use private package mirrors, caches, or container base images, check those copies too.

Remediate affected systems

  1. Stop using the affected package version immediately.
  2. Clean systems where one of this package has been installed.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-506

Related Identifiers

GHSA-JGG6-4RPR-WFH7

Affected Products

@Mistralai/Mistralai
@Mistralai/Mistralai-Azure
@Mistralai/Mistralai-Gcp