CVE-2026-43897
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
May 11, 2026
Vendor
unknown
Description
Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1.
References
- https://github.com/OP-Engineering/link-preview-js/commit/4396d48909fab37553c0e93e26447fe218363ede
- https://github.com/OP-Engineering/link-preview-js/pull/179
- https://github.com/OP-Engineering/link-preview-js/releases/tag/4.0.1
- https://github.com/OP-Engineering/link-preview-js/security/advisories/GHSA-4gp8-rjrq-ch6q