CVE-2026-43897

HIGH SEVERITY

Vulnerability Description

Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1.

Vulnerability Details

Published Date

May 05, 2026

Last Modified

May 13, 2026

CWE ID

CWE-918

Source

GitHub

Vendor

npm

Product

link-preview-js

External References

https://github.com/OP-Engineering/link-preview-js/security/advisories/GHSA-4gp8-rjrq-ch6q
https://github.com/OP-Engineering/link-preview-js/pull/179
https://github.com/OP-Engineering/link-preview-js/commit/4396d48909fab37553c0e93e26447fe218363ede
https://github.com/OP-Engineering/link-preview-js/releases/tag/4.0.1
https://github.com/advisories/GHSA-4gp8-rjrq-ch6q

CVE-2026-43897

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment