A vulnerability was found in Yealink SIP-T46U 108.86.0.118 and classified as critical . Affected is the function mod_webd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service . Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The identification of this vulnerability is CVE-2026-12222 . The attack needs to be done within the local network. Furthermore, there is an exploit available. The vendor was contacted early abou