Skip to main content

wolfSSL EUVDEUVD-2026-39486

| CVE-2026-6091 MEDIUM
Improper Certificate Validation (CWE-295)
2026-06-25 wolfSSL GHSA-mhq8-94h7-mrgx
6.0
CVSS 4.0 · Vendor: wolfSSL
Share

Severity by source

Vendor (wolfSSL) PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.9 MEDIUM

Non-default dual requirement (OPENSSL_EXTRA build flag plus X509_V_FLAG_PARTIAL_CHAIN runtime flag) maps to AC:H; attacker needs no privileges on the target system to present a crafted certificate chain.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (wolfSSL).

CVSS VectorVendor: wolfSSL

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Source Code Evidence Fetched
Jun 25, 2026 - 18:21 vuln.today
Analysis Generated
Jun 25, 2026 - 18:21 vuln.today
CVE Published
Jun 25, 2026 - 16:46 cve.org
MEDIUM 6.0

DescriptionCVE.org

Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL compatibility certificate-path-building path (wolfSSL_X509_verify_cert / X509_STORE, OPENSSL_EXTRA) when the X509_V_FLAG_PARTIAL_CHAIN verify flag is enabled.

AnalysisAI

Certificate chain validation bypass in wolfSSL's OpenSSL compatibility layer allows a network attacker to present a chain terminating at an untrusted intermediate they control, which is accepted as valid when X509_V_FLAG_PARTIAL_CHAIN is enabled. The flaw (CWE-295) resided in wolfSSL_X509_verify_cert, where the partial-chain fallback confirmed only that some intermediate was temporarily loaded into the CertManager during path building - not that the terminal certificate was in the caller's actual trust store. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify target application using wolfSSL OPENSSL_EXTRA with partial-chain flag enabled
Delivery
Craft certificate chain terminating at attacker-controlled intermediate
Exploit
Initiate or intercept TLS connection to victim application
Execution
Present malicious chain during TLS handshake
Persist
Trigger wolfSSL_X509_verify_cert partial-chain fallback with untrusted terminal cert
Impact
Certificate validation bypassed, attacker impersonates trusted entity

Vulnerability AssessmentAI

Exploitation Two explicit conditions must be simultaneously true: (1) wolfSSL must be compiled with OPENSSL_EXTRA to enable the OpenSSL compatibility certificate-path-building API (wolfSSL_X509_verify_cert / X509_STORE); and (2) the application must explicitly call X509_STORE_set_flags with X509_V_FLAG_PARTIAL_CHAIN - this flag is not set by default. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 6.0 (AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N) reflects a network-reachable integrity flaw with the AT:P (attack requirements present) metric confirming that a specific non-default condition - the X509_V_FLAG_PARTIAL_CHAIN flag - must be explicitly set by the application. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker operating a rogue TLS server or positioned for MITM constructs a certificate chain where the terminal certificate is an intermediate they generated and control, without registering it in the victim application's trust store. When the application connects and wolfSSL evaluates the chain with X509_V_FLAG_PARTIAL_CHAIN set, the pre-fix partial-chain fallback accepts the chain because some intermediate was temporarily loaded into the CertManager during path building, never verifying the terminal certificate against trusted entries. …
Remediation Apply the upstream fix once it is included in an official wolfSSL release - monitor the wolfSSL security advisories page at https://www.wolfssl.com/docs/security-vulnerabilities/ for the patched tagged version, as the exact release version is not confirmed from the available data (only GitHub PR #10170 at https://github.com/wolfSSL/wolfssl/pull/10170 is available). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2014-0160 HIGH POC
7.5 Apr 07

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe

CVE-2014-0195 MEDIUM POC
6.8 Jun 05

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2016-0800 MEDIUM POC
5.9 Mar 01

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se

CVE-2015-0204 MEDIUM POC
4.3 Jan 09

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k

CVE-2014-3566 LOW POC
3.4 Oct 15

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak

CVE-2016-2107 MEDIUM POC
5.9 May 05

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a

CVE-2015-1793 MEDIUM POC
6.5 Jul 09

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly

CVE-2022-3602 HIGH
7.5 Nov 01

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated hig

CVE-2014-3470 MEDIUM
4.3 Jun 05

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before

CVE-2017-3730 HIGH POC
7.5 May 04

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

Share

EUVD-2026-39486 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy