A vulnerability, which was classified as critical , has been found in Yealink SIP-T46U 108.86.0.118 . The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service . This manipulation of the argument Time causes command injection. This vulnerability is handled as CVE-2026-12219 . The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respon