High severity8.0NVD Advisory· Published Jun 15, 2026· Updated Jun 15, 2026

CVE-2026-12218

Description

A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local network is required for this attack. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

Yealink/SIP-T46Ullm-fuzzy
Range: = 108.87.50.1

Patches

Members only

Discovered fix commits and diffs is available to signed-in members. Sign in or create a free account to read it.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cdn2.v50to.cc/T46U/T46U_beforewifitest_stack_overflow.zipnvd
vuldb.com/cve/CVE-2026-12218nvd
vuldb.com/submit/834193nvd
vuldb.com/vuln/370861nvd
vuldb.com/vuln/370861/ctinvd

News mentions

No linked articles in our index yet.

cvss	0.520
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000