CVE-2026-43897
Link Preview JS: vunerable to IPv6 and internal loopback attacks
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
12th
Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1.
| CWE | CWE-918 |
| Vendor | op-engineering |
| Product | link-preview-js |
| Published | May 11, 2026 |
| Last Updated | May 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for op-engineering link-preview-js
Be the first to know when new unknown vulnerabilities affecting op-engineering link-preview-js are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
OP-Engineering / link-preview-js
< 4.0.1
References
github.com: https://github.com/OP-Engineering/link-preview-js/security/advisories/GHSA-4gp8-rjrq-ch6q github.com: https://github.com/OP-Engineering/link-preview-js/pull/179 github.com: https://github.com/OP-Engineering/link-preview-js/commit/4396d48909fab37553c0e93e26447fe218363ede github.com: https://github.com/OP-Engineering/link-preview-js/releases/tag/4.0.1