Partial-Chain Certificate Verification Flaw in wolfSSL
CVE-2026-6091

6MEDIUM

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-6091?

The vulnerability in wolfSSL arises from a flaw in the partial-chain certificate verification process, which may improperly accept certificate chains ending in an untrusted intermediate certificate supplied by a malicious peer. This flaw could allow an attacker to present a certificate chain terminating at an intermediate they control, circumventing normal trust mechanisms. It specifically affects the X509 verification functions when the X509_V_FLAG_PARTIAL_CHAIN flag is used. Users are advised to apply the latest security patches to mitigate this risk.

Affected Version(s)

wolfSSL 5.7.4 <= 5.9.1

References

https://github.com/wolfSSL/wolfssl/pull/10170

patch

https://www.wolfssl.com/docs/security-vulnerabilities/

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Apr 10, 2026

Credit

Dikai Zou

CVE-2026-6091 Data

JSON

Wolfssl

What is CVE-2026-6091?

Affected Version(s)

References

CVSS V4

Timeline

Credit