{
  "id": "P131",
  "slug": "pytorch-torch-load-weights-only-default-2-6-serialization-security-documentation",
  "status": "search-observed",
  "product": "PyTorch",
  "family": "ML serialization security default",
  "canonical_url": "https://gitdocs.org/fix/pytorch-torch-load-weights-only-default-2-6-serialization-security-documentation",
  "query_alias_url": "https://gitdocs.org/q/pytorch-torch-load-weights-only-default-2-6-serialization-security-documentation",
  "markdown_url": "https://gitdocs.org/fix/pytorch-torch-load-weights-only-default-2-6-serialization-security-documentation.md",
  "json_url": "https://gitdocs.org/api/fixes/pytorch-torch-load-weights-only-default-2-6-serialization-security-documentation.json",
  "canonical_query": "PyTorch torch.load weights_only default 2.6 serialization security documentation",
  "observed_codex_queries": [
    "PyTorch torch.load weights_only default 2.6 serialization security documentation",
    "site:pytorch.org torch.load weights_only True default 2.6",
    "https://pytorch.org/docs/stable/generated/torch.load.html",
    "https://docs.pytorch.org/docs/2.12/generated/torch.load.html"
  ],
  "organic_dependency_search_count": 4,
  "affected_versions": "",
  "exact_errors": [],
  "diagnosis": "The checkpoint is locally opaque and the loader call is unchanged; only the library's new security default explains why trusted custom objects no longer deserialize.",
  "before": "",
  "after": "",
  "verification": "Verifier checks the narrow safe allow-list or weights-only migration and rejects a global unsafe load. Reject global unsafe deserialization and verify the intended tensor values.",
  "unsafe_fixes": [
    "Changing local code without checking the current external contract.",
    "Retrying the same install, build, or API call with no version/source change.",
    "Applying a broad unsafe bypass when a narrow compatibility fix is available."
  ],
  "last_verified_at": "2026-06-25",
  "neutral_validation": {
    "organic_search_observed": true,
    "organic_strict_pass": false,
    "no_web_counterfactual_run": false,
    "no_web_strict_pass": null,
    "search_necessity_under_fixture": null,
    "no_web_oracle_note": "Observed query evidence is separated from necessity proof; no-web and stale-contract counterfactuals should be tracked separately."
  },
  "source_trail": [
    {
      "url": "https://pytorch.org/blog/pytorch2-6/",
      "label": "PyTorch 2.6 release"
    },
    {
      "url": "https://pytorch.org/docs/stable/generated/torch.load.html",
      "label": "Official reference opened by Codex"
    },
    {
      "url": "https://docs.pytorch.org/docs/2.12/generated/torch.load.html",
      "label": "Official reference opened by Codex"
    }
  ],
  "source_github_links": []
}