Stack-based Buffer Overflow Vulnerability in Yealink SIP-T46U Web FastCGI Service
CVE-2026-12222

8.6 HIGH

Key Information:

Vendor: Yealink

Status
Vendor
CVE Published: 15 June 2026

What is CVE-2026-12222?

A stack-based buffer overflow has been identified in the Yealink SIP-T46U, in the mod_webd.BlueToothTest functionality of the Web FastCGI Service. The overflow is triggered by manipulating the btMac, pin, and reserved arguments, and the attack is carried out from within the local network. Successful exploitation could compromise the integrity and security of the system. The vendor was notified early about the issue but has not responded, which raises concern that exploitation could adversely affect network operations.

Affected Version(s)

SIP-T46U 108.86.0.118

CVSS V4

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ChiChen241 (VulDB User)
VulDB CNA Team