VDB
GCVE-110-OSM-2026-4140
GCVE-110-OSM-2026-4140
Advisory PublishedCVSS 9.6/10
Compromised version of `mistralai` (2.4.6) on PyPI is the cross-ecosystem expansion of the Mini Shai-Hulud supply-chain campaign (May 2026, attributed to TeamPCP) into Python. The same threat group concurrently published malicious `@mistralai/mistralai`, `@mistralai/mistralai-azure`, and `@mistralai/mistralai-gcp` releases on npm. Behavior on the PyPI side is consistent with the broader campaign infrastructure (git-tanstack.com payload delivery, Session P2P exfiltration). Cross-referenced from a public disclosure on X/Twitter.
=== PYPI EXPANSION OF MINI SHAI-HULUD ===
Version: mistralai==2.4.6
Registry: PyPI
Campaign: Mini Shai-Hulud (May 2026)
Threat group: TeamPCP
This release is the PyPI counterpart of the npm-side Mistral AI client compromise. The same threat group published malicious versions of `@mistralai/mistralai`, `@mistralai/mistralai-azure`, and `@mistralai/mistralai-gcp` on npm during the same window.
=== CAMPAIGN INFRASTRUCTURE (shared across npm + PyPI) ===
- git-tanstack.com (typosquat domain serving PyPI dropper transformers.pyz, also mimics github.com/tanstack on the npm side)
- filev2.getsession.org (Session P2P exfiltration target)
- seed1.getsession.org (Session bootstrap node)
- api.masscan.cloud (attacker-controlled API)
- GitHub account voicproducoes (ID 269549300, created 2026-03-19)
=== KILL CHAIN (consistent with PyPI side of campaign) ===
The PyPI side of Mini Shai-Hulud uses a simpler direct-download dropper rather than the full npm worm implant. Inspect for any module-level (import-time) network fetches against git-tanstack.com or writes to /tmp/transformers.pyz, then python3 execution of the downloaded archive.
=== ATTRIBUTION ===
The git-tanstack.com domain has served a page signed "With Love TeamPCP" stating "We've been online over 2 hours now stealing creds. Regardless I just came to say hello :^)" with a linked YouTube video (presumed taunt). This confirms the same TeamPCP actor operates the npm-side mini-shai-hulud worm.
Compromised version: 2.4.6
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | mistralai | 2.4.6 (affected), 2.4.6 (affected) | — |
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.