Npm · Link-Preview-Js · CVE-2026-43897
**Name of the Vulnerable Software and Affected Versions**
Link Preview JS versions prior to 4.0.1
**Description**
The library fails to check for IPv6 loopback attacks and is susceptible to DNS attacks where an address can be resolved into an internal IP. These issues may lead to internal data leaks.
**Recommendations**
Update to version 4.0.1.
Use the `resolveDNSHost` option to perform DNS resolution before fetching content.
Perform manual validation before fetching content as a temporary workaround.