SSRF in Op-engineering Link-preview-js

CVE-2026-43897

Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.001 (17.2th percentile) — read the EPSS interpretation.