python · stanza · Critical
Stanza 1.12.0: Unsafe torch.load fallback allows arbitrary code execution
What changed
Stanza 1.12.0 calls torch.load with weights_only=True but, on UnpicklingError, falls back to weights_only=False. The fallback uses the unrestricted pickle loader, so a malicious .pt file can achieve arbitrary code execution.
Who it affects
Any user, CI/CD pipeline, or production service that loads Stanza model pretrain files from untrusted sources.
What to do today
Remove the unsafe fallback in all affected loaders (pretrain.py, coref/model.py, classifiers/trainer.py, constituency/base_trainer.py, lemma_classifier/base_model.py) and fail closed on UnpicklingError.
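The fallback and its fail-closed fix, modelled with the standard library so it runs without PyTorch (an added example, not Stanza's code). RestrictedUnpickler stands in for weights_only=True and plain pickle.loads for weights_only=False; every name and sample blob here is constructed for illustration.

```python
import collections
import io
import os
import pickle


class _Probe:
    """Constructed sample: unpickling calls os.getpid(), a harmless stand-in
    for any callable a hostile file could name."""
    def __reduce__(self):
        return (os.getpid, ())


# Constructed inputs: one data-only "model", one naming a non-allowlisted global.
BENIGN = pickle.dumps(collections.OrderedDict(emb=[0.1, 0.2]))
HOSTILE = pickle.dumps(_Probe())


class RestrictedUnpickler(pickle.Unpickler):
    """Models weights_only=True: any global outside the allowlist is refused."""
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) not in self.ALLOWED:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def load_with_fallback(blob):
    """Flawed pattern: the restricted attempt is followed by an unrestricted retry."""
    try:
        return RestrictedUnpickler(io.BytesIO(blob)).load()
    except pickle.UnpicklingError:
        return pickle.loads(blob)  # models weights_only=False


def load_fail_closed(blob, source="<unknown>"):
    """Fixed pattern: the restricted load is the only path; rejection is final."""
    try:
        return RestrictedUnpickler(io.BytesIO(blob)).load()
    except pickle.UnpicklingError as exc:
        raise pickle.UnpicklingError(f"refusing to load {source}: {exc}") from exc


if __name__ == "__main__":
    # The fallback returns the result of a call made during loading.
    print(load_with_fallback(HOSTILE) == os.getpid())
    print(load_fail_closed(BENIGN))
```

The same input that the restricted loader rejects is the one the fallback hands to the unrestricted loader, so the retry removes the protection exactly when it matters.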
Source
GitHub Advisory · stanza