CVE-2026-6091 in wolfSSL
Summary
by MITRE • 06/25/2026
Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL compatibility certificate-path-building path (wolfSSL_X509_verify_cert / X509_STORE, OPENSSL_EXTRA) when the X509_V_FLAG_PARTIAL_CHAIN verify flag is enabled.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 06/25/2026
This vulnerability represents a critical flaw in certificate verification logic that undermines the fundamental security model of public key infrastructure. The issue manifests when certificate chains are validated using partial chain verification mode, where the system accepts intermediate certificates provided by peers without proper trust validation against established root authorities. This weakness creates an exploitable path where malicious actors can construct artificial certificate chains terminating at intermediates they control, bypassing normal trust anchor validation mechanisms that should prevent such scenarios.
The technical implementation of this vulnerability occurs within the OpenSSL compatibility layer of wolfSSL library, specifically affecting functions such as wolfSSL_X509_verify_cert and X509_STORE operations. When the X509_V_FLAG_PARTIAL_CHAIN verification flag is enabled, the certificate validation process becomes susceptible to attacks where an attacker supplies a certificate chain that terminates at an intermediate certificate they control rather than a trusted root certificate authority. This bypasses the expected certificate path validation that should ensure all certificates in a chain ultimately trace back to a known, trusted anchor certificate.
The operational impact of this vulnerability extends across multiple security domains including secure communications, identity verification, and authentication systems that rely on certificate-based trust models. Attackers can exploit this weakness to perform man-in-the-middle attacks by presenting seemingly valid certificate chains that appear legitimate to systems configured with partial chain verification enabled. This creates a dangerous scenario where systems accept certificates as valid even when they originate from untrusted intermediaries, potentially allowing attackers to establish fraudulent secure connections or impersonate legitimate services.
This vulnerability aligns with CWE-295 which specifically addresses improper certificate validation and relates to the broader category of trust management failures in cryptographic systems. From an ATT&CK framework perspective, this weakness maps to techniques involving credential access through certificate manipulation and can be leveraged for initial access or privilege escalation in security contexts that depend on certificate-based authentication. The vulnerability particularly affects systems using wolfSSL libraries with OpenSSL compatibility features and demonstrates the importance of proper certificate chain validation practices.
Organizations should immediately disable partial chain verification modes when they are not explicitly required for legacy system compatibility, as this setting creates an inherent trust model weakness. Implementing strict certificate validation policies that enforce full chain verification against trusted anchor certificates provides the necessary protection against this class of attack. Additionally, security monitoring should be enhanced to detect unusual certificate chain patterns and verify that all certificate chains properly terminate at recognized root authorities rather than intermediate certificates controlled by untrusted parties. Regular security audits of cryptographic implementations are essential to ensure that certificate validation logic follows industry best practices and maintains proper trust boundaries throughout the system architecture.