A vulnerability, which was classified as critical , was found in Yealink SIP-T46U 108.86.0.118 . This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler . Such manipulation of the argument uid leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-12220 . The attack can only be initiated within the local network. Moreover, an exploit is present. The vendor was contacted e