A vulnerability was found in OP-Engineering link-preview-js up to 4.0.0 . It has been declared as critical . Affected is an unknown function of the component Link Preview Handler . Such manipulation leads to server-side request forgery. This vulnerability is referenced as CVE-2026-43897 . It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.