CVE Catalog

CVE-2026-6091

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile — higher than 5% of all known CVEs

Summary

A vulnerability in the wolfSSL library allows accepting a certificate chain that terminates at an untrusted intermediate certificate instead of a trusted anchor. The issue occurs in partial-chain verification mode (X509_V_FLAG_PARTIAL_CHAIN) and affects the OpenSSL-compatible certificate path building path.

Risk Assessment

An attacker can present a forged certificate chain ending with their own intermediate certificate, which will be accepted as valid. This could lead to impersonation of trusted servers or TLS communication interception.

Recommendation

Update the wolfSSL library to a version where this vulnerability is fixed. Until the update, disable the X509_V_FLAG_PARTIAL_CHAIN flag in certificate verification configuration.

Original NVD description (English source)

Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL compatibility certificate-path-building path (wolfSSL_X509_verify_cert / X509_STORE, OPENSSL_EXTRA) when the X509_V_FLAG_PARTIAL_CHAIN verify flag is enabled.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS