CVE-2026-12221
HighCVSS 8.0Exploitation Probability (EPSS)
Low risk29th percentile - higher than 29% of all known CVEs
Summary
A stack-based buffer overflow vulnerability was found in Yealink SIP-T46U firmware version 108.86.0.118. The issue occurs in the sprintf function within the /api/upgrade/upgrade file when processing uid and start_offset arguments in the Firmware Chunk Upload Handler component. The attack requires local network access and the exploit has been made public.
Risk Assessment
Successful exploitation could lead to arbitrary code execution or device crash, potentially disrupting VoIP communications in the organization and exposing the network to further compromise.
Recommendation
Immediately restrict access to the device management interface to trusted networks only and apply temporary firewall rules blocking unauthorized requests to the /api/upgrade/upgrade endpoint. Once the vendor releases a patch, update the firmware promptly.
Original NVD description (English source)
A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/start_offset results in stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure and is working on a patch to fix it.

