Stack-Based Buffer Overflow in Yealink SIP-T46U Web FastCGI Service
CVE-2026-12218

8.6 HIGH

Key Information:

Vendor: Yealink

Status
Vendor
CVE Published: 15 June 2026

What is CVE-2026-12218?

A stack-based buffer overflow has been identified in the Yealink SIP-T46U, version 108.87.50.1. The flaw is in the 'StartReportInformation' function of the '/api/inner/beforewifitest' endpoint of the Web FastCGI Service. An attacker with local network access can manipulate the 'port' argument to trigger the overflow, potentially leading to code execution. The vulnerability has been publicly disclosed; the vendor was notified but did not respond. Users should apply the necessary precautions and updates to safeguard their devices.

Affected Version(s)

SIP-T46U 108.87.50.1

CVSS V4

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CookedMelon (VulDB User)
VulDB CNA Team