A vulnerability was found in Yealink SIP-T46U 108.86.0.118 . It has been classified as critical . Affected by this vulnerability is the function mod_webd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service . The manipulation of the argument ip/port leads to command injection. This vulnerability is referenced as CVE-2026-12223 . The attack needs to be initiated within the local network. Furthermore, an exploit is available. The vendor was contacted early ab