Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL compatibility certificate-path-building path (wolfSSLX509verifycert / X509STORE, OPENSSLEXTRA) when the X509VFLAGPARTIAL_CHAIN verify flag is enabled.