Supply Chain Attack: Mistral AI's Python Package Compromised With Linux Backdoor
Key Takeaways
- ▸Mistral AI's mistralai v2.4.6 contains a backdoor that automatically downloads and executes arbitrary code on Linux systems at import time, with no user action required
- ▸The attack uses a hardcoded C2 IP (83.142.209.194) and downloads a payload via unverified HTTPS, indicating a sophisticated supply chain compromise
- ▸The vulnerability was not present in v2.4.5, suggesting account compromise or CI/CD pipeline manipulation at Mistral AI
Summary
Mistral AI's Python package mistralai version 2.4.6 was compromised with a malicious backdoor discovered on May 12, 2026. The backdoor was embedded in src/mistralai/client/init.py and automatically executes when the package is imported, making it a particularly dangerous supply chain vulnerability affecting any user who installed or upgraded to this version.
The malicious code downloads and executes an arbitrary payload from a hardcoded IP address (83.142.209.194) via curl with TLS verification disabled. The attack is sophisticated: it only targets Linux systems, uses an environment variable (MISTRAL_INIT) to ensure single execution, and silently swallows all errors to avoid raising suspicion. The payload is downloaded to /tmp/transformers.pyz and executed as a background Python process with output suppressed.
This represents a critical supply chain attack affecting anyone using mistralai 2.4.6. The vulnerability triggers automatically on import—no user interaction is required. Mistral AI has been urged to immediately yank the compromised version from PyPI and conduct a full security audit of its publishing credentials and CI/CD pipeline to determine how the backdoor was injected.
- Any Linux system that installed or upgraded mistralai since May 12, 2026 should immediately check for /tmp/transformers.pyz and investigate potential compromise
