Mistral AI · Update · 2026-05-12

Mistral AI Python Package Compromised: Backdoor Detected in Version 2.4.6

Key Takeaways

  • mistralai version 2.4.6 contains a hidden backdoor that executes automatically on import, targeting Linux systems only
  • The backdoor downloads and runs arbitrary code from a remote IP (83.142.209.194), disabling TLS verification to bypass network security
  • This is a classic supply chain attack requiring immediate response: package yanking, credential audit, and widespread user remediation
Source: Hacker News, https://github.com/mistralai/client-python/issues/523

Summary

A critical supply chain compromise was discovered in mistralai version 2.4.6: the package contains a backdoor that automatically downloads and executes a malicious payload from a hardcoded IP address (83.142.209.194) when the package is imported on a Linux system. The backdoor, embedded in src/mistralai/client/__init__.py (lines 21-48), downloads a Python executable from https://83.142.209.194/transformers.pyz via curl with TLS verification disabled, then executes it silently in the background in a spawned subprocess. The attack is triggered automatically on import, with no user action required, and uses a MISTRAL_INIT environment variable as a single-execution guard while swallowing all errors to avoid detection.

The vulnerability affects any Linux user who installed or upgraded mistralai to version 2.4.6 after May 12, 2026 at 00:05Z. Mistral AI has been urged to immediately yank the compromised version from PyPI and conduct a complete audit of their publishing credentials and CI/CD pipeline to identify how the malicious code was injected. Security researchers recommend that affected users check for the presence of /tmp/transformers.pyz and investigate system logs for suspicious activity, as the payload execution occurs silently in a new session with redirected output.

  • Any Linux system that installed or upgraded mistralai since May 12, 2026 00:05Z should have its /tmp directory and logs checked for compromise indicators
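A read-only triage helper, added here as an example and not part of the advisory or of Mistral's code: it reads the installed mistralai version, scans the package's client/__init__.py for the indicators the advisory names (the payload host, a curl call with TLS verification off, the MISTRAL_INIT guard, the transformers.pyz name) and reports whether /tmp/transformers.pyz is on disk. The regex patterns, the function names and the assumption that the TLS bypass is curl's -k/--insecure switch are mine; the script never imports the package, so running it cannot trigger the backdoor.

```python
import re
from importlib import metadata
from pathlib import Path
# Indicators taken from the advisory text: version, payload host, dropped file, env guard.
COMPROMISED_VERSION = "2.4.6"
PAYLOAD_HOST = "83.142.209.194"
PAYLOAD_PATH = Path("/tmp/transformers.pyz")
INDICATOR_PATTERNS = {
    "payload_host": re.compile(re.escape(PAYLOAD_HOST)),
    # -k / --insecure are curl's TLS-skip switches (assumed form; advisory only says "disabled")
    "curl_tls_disabled": re.compile(r"\bcurl\b[^\n]*(?:(?<![\w-])-k\b|--insecure\b)"),
    "env_guard": re.compile(r"\bMISTRAL_INIT\b"),
    "payload_file": re.compile(r"transformers\.pyz"),
}

def scan_source(text):
    """Return the names of the indicators present in a module's source text."""
    return [name for name, pat in INDICATOR_PATTERNS.items() if pat.search(text)]

def installed_version(dist="mistralai"):
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None  # distribution not installed in this interpreter

def package_init_path(dist="mistralai"):
    """Find mistralai/client/__init__.py from the distribution's own file list."""
    try:
        files = metadata.files(dist) or []
    except metadata.PackageNotFoundError:
        return None
    for f in files:
        if f.as_posix().endswith("mistralai/client/__init__.py"):
            return Path(f.locate())
    return None

def triage(version, init_source, payload_present):
    """Pure verdict so the logic can be exercised without the package installed."""
    hits = scan_source(init_source)
    return {
        "version_is_compromised": version == COMPROMISED_VERSION,
        "source_indicators": hits,
        "payload_on_disk": payload_present,
        "suspicious": version == COMPROMISED_VERSION or bool(hits) or payload_present,
    }

if __name__ == "__main__":  # read-only: reads the file, never imports the package
    init = package_init_path()
    src = init.read_text(errors="replace") if init else ""
    print(triage(installed_version(), src, PAYLOAD_PATH.exists()))
```

A hit on any indicator is a reason to isolate the host and preserve /tmp and the shell/process logs before remediating, since the advisory says the payload runs detached with its output redirected.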