CVSS 7.5 HIGH Vulnerability

CVE-2026-43897: link-preview-js vulnerable to IPv6 and internal loopback attacks


CVSS Score: 7.5
Severity: HIGH
CISA KEV: NO
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-43897
Vendor: npm
Affected Product: link-preview-js
Vulnerability Type: Vulnerability
CVSS Score: 7.5 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis


Impact

The library did not check for IPv6 loopback addresses. A DNS-based attack was also possible, in which a hostname resolves to an internal IP address. This could cause internal data leaks.

Patches

The problem has been patched in version 4.0.1. However, it cannot be completely solved by the package alone. The regex used for validation has been tightened for IPv6 addresses. DNS resolution, however, is more difficult. The regex now prohibits .internal, .local, .nip.io and .sslip.io addresses, but other services not on the list may exist, so it is imperative that users set the resolveDNSHost option to do DNS resolution before fetching content. To that end, a (scary) error message has been added when the option is not set.
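
Because a hostname deny-list can never be complete, the check has to be made on the resolved address rather than on the name. The following is an added example, not code from link-preview-js or its advisory: a resolver for the resolveDNSHost option that refuses loopback, private and link-local results, including IPv6 and IPv4-mapped forms. The callback shape (URL string in, promise of an address out), the helper names and the chosen ranges are assumptions.

```javascript
// Added example, not link-preview-js code. Names and ranges are assumptions.
const net = require("node:net");
const dns = require("node:dns").promises;

// Separate lists per family so a rule is only compared with its own family.
const v4Internal = new net.BlockList();
for (const [prefix, bits] of [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
]) v4Internal.addSubnet(prefix, bits, "ipv4");

const v6Internal = new net.BlockList();
v6Internal.addAddress("::", "ipv6");             // unspecified
v6Internal.addAddress("::1", "ipv6");            // loopback
v6Internal.addSubnet("fc00::", 7, "ipv6");       // unique local
v6Internal.addSubnet("fe80::", 10, "ipv6");      // link-local
v6Internal.addSubnet("::ffff:0:0", 96, "ipv6");  // IPv4-mapped not unwrapped below

const MAPPED_DOTTED = /^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/i;

// True when the address must not be fetched for an untrusted URL.
function isInternalAddress(address) {
  let ip = address.replace(/^\[|\]$/g, "");      // URL hostnames keep the brackets
  const mapped = MAPPED_DOTTED.exec(ip);
  if (mapped) ip = mapped[1];                    // ::ffff:127.0.0.1 -> 127.0.0.1
  if (net.isIPv4(ip)) return v4Internal.check(ip, "ipv4");
  if (net.isIPv6(ip)) return v6Internal.check(ip, "ipv6");
  return true;                                   // not an IP literal: fail closed
}

// Hypothetical resolver in the shape assumed for resolveDNSHost.
// `lookup` is injectable so the check can be exercised without the network.
async function resolveDNSHost(url, lookup = (host) => dns.lookup(host)) {
  const host = new URL(url).hostname.replace(/^\[|\]$/g, "");
  const { address } = await lookup(host);
  if (isInternalAddress(address)) {
    throw new Error(`refusing ${host}: resolves to internal address ${address}`);
  }
  return address;
}
```

The check only protects the fetch if the request then connects to the address that was validated, not to a fresh resolution of the same name.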

Workarounds

Users can do their own

🎯 Known Indicators of Compromise

{"type":"domain","value":"nip.io","confidence_score":0.75,"first_seen":"2026-05-05","source_count":1} {"type":"domain","value":"sslip.io","confidence_score":0.75,"first_seen":"2026-05-05","source_count":1}
