{
  "id": "P129",
  "slug": "pytorch-torch-load-weights-only-default-true-safe-globals-custom-class-unpicklingerror-2-6",
  "status": "verified-page-ready",
  "product": "PyTorch",
  "family": "ML serialization security default",
  "canonical_url": "https://gitdocs.org/fix/pytorch-torch-load-weights-only-default-true-safe-globals-custom-class-unpicklingerror-2-6",
  "query_alias_url": "https://gitdocs.org/q/pytorch-torch-load-weights-only-default-true-safe-globals-custom-class-unpicklingerror-2-6",
  "markdown_url": "https://gitdocs.org/fix/pytorch-torch-load-weights-only-default-true-safe-globals-custom-class-unpicklingerror-2-6.md",
  "json_url": "https://gitdocs.org/api/fixes/pytorch-torch-load-weights-only-default-true-safe-globals-custom-class-unpicklingerror-2-6.json",
  "canonical_query": "PyTorch torch.load weights_only default True safe globals custom class UnpicklingError 2.6",
  "observed_codex_queries": [
    "PyTorch torch.load weights_only default True safe globals custom class UnpicklingError 2.6",
    "pytorch torch.load weights_only safe_globals documentation",
    "https://pytorch.org/docs/stable/generated/torch.load.html",
    "https://docs.pytorch.org/docs/stable/generated/torch.load.html",
    "'weights_only' in https://docs.pytorch.org/docs/2.12/generated/torch.load.html"
  ],
  "organic_dependency_search_count": 6,
  "affected_versions": "PyTorch 2.6 and newer when loading full-object checkpoints that contain custom globals.",
  "exact_errors": [
    "WeightsUnpickler error: Unsupported global: GLOBAL __main__.MyModel was not an allowed global by default",
    "_pickle.UnpicklingError: Weights only load failed"
  ],
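  "diagnosis": "The checkpoint contains pickled Python objects, not only tensors, so the restricted `weights_only=True` loader rejects any global that is not on its allowlist. The narrow repair is to allowlist only the exact classes you trust, or to migrate the checkpoint to a `state_dict`, instead of setting a broad unsafe default. Allowlisting a class lets the loader construct it from checkpoint data, so allowlist only classes whose code you control.",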
  "before": "model = torch.load(\"model.pt\")",
  "after": "from myapp.models import MyModel\nfrom torch.serialization import safe_globals\n\nwith safe_globals([MyModel]):\n    model = torch.load(\"model.pt\", weights_only=True)",
  "verification": "python - <<'PY'\nimport torch\nfrom torch.serialization import get_unsafe_globals_in_checkpoint\nprint(get_unsafe_globals_in_checkpoint(\"model.pt\"))\nPY",
  "unsafe_fixes": [
    "Do not use `weights_only=False` for user-supplied or untrusted checkpoints. That re-enables unrestricted unpickling, which can execute arbitrary code while the file is being loaded."
  ],
  "last_verified_at": "2026-06-25",
  "neutral_validation": {
    "organic_search_observed": true,
    "organic_strict_pass": true,
    "no_web_counterfactual_run": false,
    "no_web_strict_pass": null,
    "search_necessity_under_fixture": null,
    "no_web_oracle_note": "Observed query evidence is separated from necessity proof; no-web and stale-contract counterfactuals should be tracked separately."
  },
  "source_trail": [
    {
      "url": "https://pytorch.org/blog/pytorch2-6/",
      "label": "PyTorch 2.6 release"
    },
    {
      "url": "https://pytorch.org/docs/stable/generated/torch.load.html",
      "label": "Official reference opened by Codex"
    },
    {
      "url": "https://docs.pytorch.org/docs/stable/generated/torch.load.html",
      "label": "Official reference opened by Codex"
    },
    {
      "url": "https://pytorch.org/docs/stable/notes/serialization.html#torch-load-with-weights-only-true",
      "label": "Authoritative source"
    }
  ],
  "source_github_links": []
}
