Vulnerability Description
Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1.
Related Weaknesses (CWE)
References
- https://github.com/OP-Engineering/link-preview-js/commit/4396d48909fab37553c0e93
- https://github.com/OP-Engineering/link-preview-js/pull/179
- https://github.com/OP-Engineering/link-preview-js/releases/tag/4.0.1
- https://github.com/OP-Engineering/link-preview-js/security/advisories/GHSA-4gp8-
FAQ
What is CVE-2026-43897?
CVE-2026-43897 is a documented vulnerability. Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP...
How severe is CVE-2026-43897?
CVSS scoring is not yet available for CVE-2026-43897. Check NVD for updates.
Is there a patch for CVE-2026-43897?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.