OpenSSL 1.0.2 will accept a certificate whose Basic Constraints extension explicitly sets CA:FALSE as a valid CA if that certificate is present in the trusted bundle.
Upstream bug: https://github.com/openssl/openssl/issues/5236
The exploitability of this bug is limited; the attacker needs to get access to a private key whose corresponding certificate is in the trust bundle. But if, as an administrator, I want my machine to trust a specific self-signed certificate, that's precisely what I need to do. The attacker is then able to leverage this certificate to MITM any connection from my machine, not just the ones to the specific server that uses the self-signed certificate.
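A defensive audit for the situation described above, added here as an example that is not part of the bug report or of OpenSSL's own code: it walks a PEM trust bundle and flags every certificate whose Basic Constraints say CA:FALSE, since on an affected OpenSSL 1.0.2 such a trusted end-entity certificate would still be usable as an issuer. It assumes the `cryptography` Python package and constructs its own sample certificates (one self-signed CA, one self-signed leaf).

```python
import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID, ExtensionOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec

PEM_BEGIN = b"-----BEGIN CERTIFICATE-----"


def make_self_signed(common_name, ca):
    """Constructed sample: a self-signed cert with an explicit basicConstraints CA flag."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(days=1))
        .not_valid_after(now + datetime.timedelta(days=365))
        .add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True)
        .sign(key, hashes.SHA256())
    )
    return cert.public_bytes(serialization.Encoding.PEM)


def iter_pem_certs(bundle):
    """Split a PEM bundle into certificates; text between blocks is ignored."""
    for chunk in bundle.split(PEM_BEGIN)[1:]:
        yield x509.load_pem_x509_certificate(PEM_BEGIN + chunk)


def audit_trust_bundle(bundle):
    """Report each cert's CA flag; CA:FALSE in a trust bundle is the finding to review."""
    findings = []
    for cert in iter_pem_certs(bundle):
        try:
            ca = cert.extensions.get_extension_for_oid(ExtensionOID.BASIC_CONSTRAINTS).value.ca
        except x509.ExtensionNotFound:
            ca = None  # no basicConstraints extension at all
        findings.append({
            "subject": cert.subject.rfc4514_string(),
            "ca": ca,
            "flag": "end-entity certificate in trust bundle" if ca is False else None,
        })
    return findings


if __name__ == "__main__":
    sample = make_self_signed("Example Root CA", ca=True) + make_self_signed("internal.example", ca=False)
    for finding in audit_trust_bundle(sample):
        print(finding)
```

Run it against a real bundle by reading the file as bytes and passing it to `audit_trust_bundle`; certificates without any Basic Constraints are reported with `ca=None` so they can be reviewed separately.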
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):