[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-nat-slipstreaming-v20-claims-universal-port-access":10,"sections":49},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":22,"persona_id":22,"persona_name":22,"section":38,"tags":39,"sources":44,"feedback":48,"feedback_at":22,"cost_usd":48,"total_tokens":48},4730,"nat-slipstreaming-v20-claims-universal-port-access","NAT Slipstreaming v2.0 Claims Universal Port Access","A researcher claims NAT Slipstreaming v2.0 can expose any TCP or UDP port to remote attackers, but the writeup offers few verifiable details.","A new version of the NAT Slipstreaming attack reportedly gives remote attackers access to any TCP or UDP service behind a firewall.\n\nA writeup on researcher Samy Kamkar's site (Kamkar created the original browser-based NAT bypass technique in 2020) claims the v2.0 variant extends the attack to reach any TCP or UDP port, removing the scope limits of the first version. The post appeared on July 15, 2026 with minimal early engagement. No CVE identifier appears in the public writeup, no browser vendors or router manufacturers are named as affected parties, and no coordinated disclosure timeline is mentioned.\n\nThat matters because the original NAT Slipstreaming forced a rapid response: browser makers patched the technique within months of its disclosure. If v2.0 genuinely sidesteps those fixes and works against any port, the exposure would be significant. But \"remotely access any TCP\u002FUDP service\" is a broad claim, and the writeup has not been independently confirmed.\n\nMinimal engagement on a link aggregator is not a security advisory. Worth monitoring, not acting on.","[\"nat slipstreaming\",\"network security\",\"vulnerability\",\"firewall bypass\"]","2026-07-15T15:46:39.000Z","2026-07-15T16:59:54.990Z","2026-07-15T16:59:57.822Z","published",null,[24,30,34],{"id":25,"reviewer":26,"round":27,"reason":28,"status":29},"editor-r1","editor",1,"The article contains no concrete specifics — no dates, no named browser vendors, no named router manufacturers, no CVE identifiers, no affected software versions, and no detail on the coordination or disclosure status — making it indistinguishable from a generic explainer rather than a news article reporting a material development; additionally, the source material is a low-engagement Hacker News link (4 points, 1 comment) pointing to an external URL whose content is not provided, so the factual","resolved",{"id":31,"reviewer":26,"round":32,"reason":33,"status":29},"editor-r2",2,"The draft still contains an embedded reporter's note ('so treat the headline claim as unverified until the full technical writeup can be reviewed') that must be removed or replaced with editorial handling before publication, and the open concern from editor-r1 remains unresolved: the draft still lacks concrete specifics — no CVE identifiers, no named browser vendors or router manufacturers, no affected versions, no disclosure status — and the sole source is a 4-point Hacker News post linking to ",{"id":35,"reviewer":26,"round":36,"reason":37,"status":29},"editor-r3",3,"The draft still lacks the concrete specifics required to distinguish a news article from a generic explainer — no CVE identifiers, no named browser vendors or router manufacturers, no affected software versions, no disclosure or coordination status, and no publication date for the v2.0 writeup — and the sole source remains a 4-point Hacker News post whose linked content has not been reviewed, which means the central claim of universal TCP\u002FUDP port access cannot be verified or responsibly reporte","security",[40,41,42,43],"nat slipstreaming","network security","vulnerability","firewall bypass",[45],{"name":46,"url":47},"Hacker News","https:\u002F\u002Fsa.my\u002Fslipstream\u002F",0,{"sections":50},[51,56,60,65,70,75,80,85,90,95,100,104,109,114],{"name":52,"slug":53,"count":54,"latest_published_at":55},"AI","ai",2583,"2026-07-15T21:33:20.000Z",{"name":57,"slug":38,"count":58,"latest_published_at":59},"Security",294,"2026-07-15T19:59:48.000Z",{"name":61,"slug":62,"count":63,"latest_published_at":64},"Deals","deals",179,"2026-06-29T20:02:07.000Z",{"name":66,"slug":67,"count":68,"latest_published_at":69},"Policy","policy",158,"2026-07-16T00:02:48.000Z",{"name":71,"slug":72,"count":73,"latest_published_at":74},"Hardware","hardware",122,"2026-07-14T19:46:26.000Z",{"name":76,"slug":77,"count":78,"latest_published_at":79},"Consumer Tech","consumer-tech",93,"2026-07-13T13:20:48.000Z",{"name":81,"slug":82,"count":83,"latest_published_at":84},"Software","software",70,"2026-07-13T19:52:25.000Z",{"name":86,"slug":87,"count":88,"latest_published_at":89},"Science","science",66,"2026-07-10T10:29:37.000Z",{"name":91,"slug":92,"count":93,"latest_published_at":94},"Dev Tools","dev-tools",59,"2026-07-07T04:00:00.000Z",{"name":96,"slug":97,"count":98,"latest_published_at":99},"Gaming","gaming",41,"2026-07-09T04:00:00.000Z",{"name":101,"slug":102,"count":98,"latest_published_at":103},"Startups","startups","2026-06-29T20:55:50.000Z",{"name":105,"slug":106,"count":107,"latest_published_at":108},"General","general",29,"2026-07-10T22:28:58.000Z",{"name":110,"slug":111,"count":112,"latest_published_at":113},"Reviews","reviews",20,"2026-06-24T12:00:01.000Z",{"name":115,"slug":116,"count":117,"latest_published_at":118},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]