Vulnerability in Link Preview JS affects data security
CVE-2026-43897

8.7HIGH

Key Information:

Vendor: Op-engineering
Status: Link-preview-js
Vendor: CVE Published:; 11 May 2026

🔔 Create Op-engineering Vulnerability Alert

What is CVE-2026-43897?

Link Preview JS, a library used to extract information from web links, has a vulnerability that affects versions prior to 4.0.1, wherein it fails to protect against IPv6 loopback attacks. Additionally, a DNS resolution flaw could potentially expose internal IP addresses, leading to unauthorized access to internal data. This vulnerability has been addressed in version 4.0.1, emphasizing the importance of updating to mitigate risks associated with data leakage.