📦 npm

GHSA-jgg6-4rpr-wfh7

NONE

Broken dropper in @mistralai/mistralai, @mistralai/mistralai-azure, @mistralai/mistralai-gcp

Published: May 18, 2026
Updated: May 18, 2026
Affected: 9 pkgs
Patched: None yet
Exploits: None indexed

Blast Radius

9 pkgs affected: @mistralai/mistralai, @mistralai/mistralai-azure, @mistralai/mistralai-gcp


Description

The Mistral npm packages @mistralai/mistralai, @mistralai/mistralai-azure, and @mistralai/mistralai-gcp were compromised by a supply chain attack related to the TanStack security incident (https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx). An automated worm associated with the attack led to compromised npm package versions being published.

Current investigation indicates that an affected developer device was involved. We have no indication that Mistral infrastructure was compromised. The compromised versions were removed from npm. They were available only between May 11 at 22:45 UTC and May 12 at 01:53 UTC. Previous and later versions are not affected by this advisory.

Impact

The dropper is broken and has no impact:

  • setup.mjs references tanstack_runner.js, but the payload file shipped is named router_init.js.
  • execFileSync therefore throws ENOENT, and the tmpdir is wiped before any payload runs. Bun is downloaded to a tmpdir, but no payload is executed.

We still recommend removing the packages; see below for remediation.

Check whether you are affected

You are affected if one of the package versions above was installed in any environment during the exposure window or is present in a lockfile, build artifact, container image, package cache, or deployment image.

Package                      Affected versions
@mistralai/mistralai         2.2.2, 2.2.3, 2.2.4
@mistralai/mistralai-azure   1.7.1, 1.7.2, 1.7.3
@mistralai/mistralai-gcp     1.7.1, 1.7.2, 1.7.3

Check installed versions:

npm ls @mistralai/mistralai @mistralai/mistralai-azure @mistralai/mistralai-gcp
grep -n -A 4 -B 2 -E '@mistralai/(mistralai|mistralai-azure|mistralai-gcp)|2\.2\.[2-4]|1\.7\.[1-3]' \
  package-lock.json pnpm-lock.yaml yarn.lock 2>/dev/null

Look for any of the following files:

  • router_init.js (embedded in all @tanstack packages): ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c
  • tanstack_runner.js (from git commit): 2ec78d556d696e208927cc503d48e4b5eb56b31abc2870c2ed2e98d6be27fc96
  • @tanstack/setup package.json: 7c12d8614c624c70d6dd6fc2ee289332474abaa38f70ebe2cdef064923ca3a9b

You may also run this (read-only) script that will automatically flag known malicious files.

You are not affected by this advisory if you did not install the affected package versions and they are not present in your lockfiles, build caches, deployment artifacts, or package mirrors.

If these commands find an affected version, continue with the remediation steps below. If you use private package mirrors, caches, or container base images, check those copies too.
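To automate the checks above, here is an added Python script (not from the advisory or from Mistral) that reads a v2/v3 package-lock.json, flags the listed versions wherever they appear in the tree, and hashes .js/.mjs/.json files against the listed digests, which it assumes are SHA-256. The file name check_mistral.py in the usage comment is hypothetical.

```python
# Added example, not advisory code: flag affected @mistralai versions in a v2/v3 lockfile.
import hashlib, json, os, sys

AFFECTED = {  # versions exactly as listed in the advisory
    "@mistralai/mistralai": {"2.2.2", "2.2.3", "2.2.4"},
    "@mistralai/mistralai-azure": {"1.7.1", "1.7.2", "1.7.3"},
    "@mistralai/mistralai-gcp": {"1.7.1", "1.7.2", "1.7.3"},
}
KNOWN_BAD = {  # dropper artifacts keyed by the digests the advisory lists (assumed SHA-256)
    "ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c": "router_init.js",
    "2ec78d556d696e208927cc503d48e4b5eb56b31abc2870c2ed2e98d6be27fc96": "tanstack_runner.js",
    "7c12d8614c624c70d6dd6fc2ee289332474abaa38f70ebe2cdef064923ca3a9b": "@tanstack/setup package.json",
}

def affected_in_lockfile(lock: dict) -> list:
    """Sorted (package, version) pairs in the affected ranges. Lockfile v2/v3
    keys every installed copy, nested ones included, by its node_modules path."""
    hits = set()
    for path, meta in lock.get("packages", {}).items():
        name = meta.get("name") or path.split("node_modules/")[-1]
        if meta.get("version") in AFFECTED.get(name, ()):
            hits.add((name, meta["version"]))
    return sorted(hits)

def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_tree(root: str) -> list:
    """(path, label) for each .js/.mjs/.json under root whose content matches
    a listed artifact; matching on content, not name, catches renamed copies."""
    found = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.endswith((".js", ".mjs", ".json")):
                p = os.path.join(dirpath, fn)
                if label := KNOWN_BAD.get(sha256_of(p)):
                    found.append((p, label))
    return found

if __name__ == "__main__":  # usage: python3 check_mistral.py [project-dir]
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    lock = os.path.join(root, "package-lock.json")
    if os.path.exists(lock):
        with open(lock) as f:
            print(*[f"AFFECTED {n}@{v}" for n, v in affected_in_lockfile(json.load(f))], sep="\n")
    print(*[f"KNOWN-BAD {label}: {p}" for p, label in scan_tree(root)], sep="\n")
```

Run it against each checkout, container layer and package cache separately, since a clean lockfile says nothing about a node_modules tree that was populated during the exposure window.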

Remediate affected systems

  1. Stop using the affected package version immediately.
  2. Clean systems where any of these packages has been installed.

Affected Packages

9 total

Ecosystem   Package                      Vulnerable range   Fix
npm         @mistralai/mistralai         all versions       No fix
npm         @mistralai/mistralai-azure   all versions       No fix
npm         @mistralai/mistralai-gcp     all versions       No fix

The advisory text above names only versions 2.2.2 to 2.2.4 and 1.7.1 to 1.7.3 as compromised.

Detection & mitigation playbook

Open-source dependency
  1. Detect

    Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for @mistralai/mistralai. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

  2. Remediation status

    No patched version of @mistralai/mistralai has shipped for GHSA-jgg6-4rpr-wfh7 yet. Where your build allows, override or pin the dependency away from the vulnerable range, and apply any maintainer-recommended mitigation.

  3. Mitigate without a patch

    If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

  4. How O3 protects you

    O3 pinpoints whether GHSA-jgg6-4rpr-wfh7 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-jgg6-4rpr-wfh7. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

O3 Security · Impact-Aware SCA
