CVE-2026-12219 | Yealink SIP-T46U 108.86.0.118 Web FastCGI Service /api/diagnosis/start mod_diagnose.CommandShellByType Time command injection

Inserito da Angelo Barbosa | Giu 14, 2026 | CVE

A vulnerability, which was classified as critical, has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection.

This vulnerability is handled as CVE-2026-12219. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-12219 | Yealink SIP-T46U 108.86.0.118 Web FastCGI Service /api/diagnosis/start mod_diagnose.CommandShellByType Time command injection

Post correlati

CVE-2023-5650 | Zyxel ATP/USG FLEX/USG FLEX 50/USG20-VPN/VPN Web GUI privileges management

CVE-2026-7447 | SourceCodester Pet Grooming Management Software 1.0 update_customer.php type/length/business parameter validity sql injection

CVE-2024-26076 | Adobe Experience Manager up to 6.5.19 Form Field cross site scripting (apsb24-21)

CVE-2026-7498 | Basamak DernekWeb cross site scripting (ID 30122025)