Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL compatibility certificate-path-building path (wolfSSLX509verifycert / X509STORE, OPENSSLEXTRA) when the X509VFLAGPARTIAL_CHAIN verify flag is enabled.
{
"cwe_ids": [
"CWE-295"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6091.json",
"cna_assigner": "wolfSSL"
}