VDB

GCVE-110-OSM-2026-4140

GCVE-110-OSM-2026-4140
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published May 12, 2026
Compromised version of `mistralai` (2.4.6) on PyPI is the cross-ecosystem expansion of the Mini Shai-Hulud supply-chain campaign (May 2026, attributed to TeamPCP) into Python. The same threat group concurrently published malicious `@mistralai/mistralai`, `@mistralai/mistralai-azure`, and `@mistralai/mistralai-gcp` releases on npm. Behavior on the PyPI side is consistent with the broader campaign infrastructure (git-tanstack.com payload delivery, Session P2P exfiltration). Cross-referenced from a public disclosure on X/Twitter. === PYPI EXPANSION OF MINI SHAI-HULUD === Version: mistralai==2.4.6 Registry: PyPI Campaign: Mini Shai-Hulud (May 2026) Threat group: TeamPCP This release is the PyPI counterpart of the npm-side Mistral AI client compromise. The same threat group published malicious versions of `@mistralai/mistralai`, `@mistralai/mistralai-azure`, and `@mistralai/mistralai-gcp` on npm during the same window. === CAMPAIGN INFRASTRUCTURE (shared across npm + PyPI) === - git-tanstack.com (typosquat domain serving PyPI dropper transformers.pyz, also mimics github.com/tanstack on the npm side) - filev2.getsession.org (Session P2P exfiltration target) - seed1.getsession.org (Session bootstrap node) - api.masscan.cloud (attacker-controlled API) - GitHub account voicproducoes (ID 269549300, created 2026-03-19) === KILL CHAIN (consistent with PyPI side of campaign) === The PyPI side of Mini Shai-Hulud uses a simpler direct-download dropper rather than the full npm worm implant. Inspect for any module-level (import-time) network fetches against git-tanstack.com or writes to /tmp/transformers.pyz, then python3 execution of the downloaded archive. === ATTRIBUTION === The git-tanstack.com domain has served a page signed "With Love TeamPCP" stating "We've been online over 2 hours now stealing creds. Regardless I just came to say hello :^)" with a linked YouTube video (presumed taunt). This confirms the same TeamPCP actor operates the npm-side mini-shai-hulud worm. Compromised version: 2.4.6

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownmistralai2.4.6 (affected), 2.4.6 (affected)

References

vendor

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›