Stack-based Buffer Overflow in Yealink SIP-T46U Firmware Chunk Upload Handler
CVE-2026-12221

8.6HIGH

Key Information:

Vendor

Yealink

Status
Sip-t46u
Vendor
CVE Published:
15 June 2026

What is CVE-2026-12221?

A stack-based buffer overflow vulnerability exists in the firmware chunk upload handler of Yealink SIP-T46U version 108.86.0.118. This vulnerability arises from improper handling of the 'uid/start_offset' argument within the 'sprintf' function located in the '/api/upgrade/upgrade' file. Exploiting this flaw requires access to the local network, and it can potentially allow an attacker to execute malicious payloads. Despite early disclosure to the vendor, no response has been provided, leaving the vulnerability unaddressed and potentially exploitable.

Affected Version(s)

SIP-T46U 108.86.0.118

References

https://vuldb.com/vuln/370864
vdb-entrytechnical-description
https://vuldb.com/vuln/370864/cti
signaturepermissions-required
https://vuldb.com/cve/CVE-2026-12221
third-party-advisory

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CookedMelon (VulDB User)
VulDB CNA Team
.