{"id":"CVE-2026-6091","summary":"Partial-chain verification accepts untrusted intermediate as trust anchor","details":"Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL compatibility certificate-path-building path (wolfSSL_X509_verify_cert / X509_STORE, OPENSSL_EXTRA) when the X509_V_FLAG_PARTIAL_CHAIN verify flag is enabled.","modified":"2026-07-16T03:48:45.032888274Z","published":"2026-06-25T16:46:12.599Z","database_specific":{"cwe_ids":["CWE-295"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6091.json","cna_assigner":"wolfSSL"},"references":[{"type":"WEB","url":"https://www.wolfssl.com/docs/security-vulnerabilities/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6091.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6091"},{"type":"FIX","url":"https://github.com/wolfSSL/wolfssl/pull/10170"},{"type":"PACKAGE","url":"https://github.com/wolfSSL/wolfssl"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wolfssl/wolfssl","events":[{"introduced":"bdd62314f00fca0e216bf8c963c8eeff6327e0cb"},{"fixed":"ac01707f552c611fbd135cc723b2682b3e7f80f2"}],"database_specific":{"extracted_events":[{"introduced":"5.7.4"},{"last_affected":"5.9.1"},{"fixed":"5.9.2"}],"source":["AFFECTED_FIELD","CPE_RANGE"],"cpe":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*"}}],"versions":["v5.9.1-stable","v5.9.0-stable","v5.8.4-stable","wolfEntropy2d","v5.8.2-stable","v5.8.0-stable","v5.7.6-stable","v5.7.4-stable","v5.2.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-6091.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"}]}