From b1fd65ff44167c315fb66761b3c189c8fbba6d7f Mon Sep 17 00:00:00 2001
From: Julian Risch <julian.risch@deepset.ai>
Date: Fri, 15 May 2026 09:02:37 +0200
Subject: [PATCH] fix(mistral): exclude compromised mistralai 2.4.6 from
 dependencies

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 integrations/mistral/pyproject.toml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/integrations/mistral/pyproject.toml b/integrations/mistral/pyproject.toml
index 2dcb388027..8893ba0113 100644
--- a/integrations/mistral/pyproject.toml
+++ b/integrations/mistral/pyproject.toml
@@ -23,7 +23,8 @@ classifiers = [
   "Programming Language :: Python :: Implementation :: CPython",
   "Programming Language :: Python :: Implementation :: PyPy",
 ]
-dependencies = ["haystack-ai>=2.22.0", "mistralai>=2.0.0"]
+# mistralai 2.4.6 is excluded because of security issue https://github.com/mistralai/client-python/security/advisories/GHSA-wx9m-wx4f-4cmg
+dependencies = ["haystack-ai>=2.22.0", "mistralai>=2.0.0,!=2.4.6"]
 
 [project.urls]
 Documentation = "https://github.com/deepset-ai/haystack-core-integrations/tree/main/integrations/mistral#readme"