The vulnerability (CVE-2026-6091) affects wolfSSL's OpenSSL compatibility certificate-path-building implementation (wolfSSL_X509_verify_cert / X509_STORE, OPENSSL_EXTRA) when the X509_V_FLAG_PARTIAL_CHAIN flag is enabled. The partial-chain verification process may incorrectly accept certificate chains that end at an untrusted intermediate certificate supplied by a peer, rather than requiring the chain to terminate at a trusted root certificate authority. This can allow an attacker to present a malicious intermediate certificate as valid, potentially undermining the trust model of certificate validation.

If exploited, this vulnerability could allow an attacker to have a certificate chain accepted as valid when it terminates at an untrusted intermediate certificate controlled by the attacker. This undermines the integrity of certificate validation and could lead to man-in-the-middle attacks or unauthorized access where certificate-based authentication is used.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should avoid enabling the X509_V_FLAG_PARTIAL_CHAIN verify flag in wolfSSL's OpenSSL compatibility mode or implement additional validation controls to ensure certificate chains terminate at trusted anchors.