After NTA portal, teen flags issues with JEE Advanced results site; IIT Roorkee responds

Amid the ongoing controversy over severe technical glitches in CBSE’s re-evacuation portal, a netizen who who identifies himself as a 16-year-old cybersecurity researcher has pointed out a crucial data security issue on the official website of the JEE Advanced 2026 results. Acknowledging the alert, IIT Roorkee, the organising institute, thanked him for it.

Data exposure flagged

The researcher, Rylen Anil (@DarthKermy72747), stated that the JEE Advanced 2026 results website has a public cloud storage misconfiguration exposing a large quantity of candidate data without authentication.

Also Read: Another Gen Z hacker now claims data security flaw on NTA re-exam portal

“JEE Advanced 2026 candidate/result infrastructure (https://cdata.jeeadv.ac.in/result2026/) had a public cloud storage misconfiguration exposing bulk candidate data without auth. This exposed ~179.6k result records and ~187.3k admit-card PDFs, including candidate names, DOBs and mobile numbers,” stated Anil in a post on X.

What IIT Roorkee said

In a swift response, IIT Roorkee admitted the issue and initiated corrective measures. It further stated that the data was “read-only” and hence there was no possibility of tampering.

Also Read: CBSE OSM row: Whistleblower Sarthak shares how he dug up tender flaws | Exclusive

“Thank you @DarthKermy72747 for pointing out the configuration issue in the cloud storage device. The same is being plugged on priority. The data stored was read-only and so there was no possibility of any alteration. We applaud your responsible and ethical behaviour,” stated IIT Roorkee in a post on X.

Reacting to the corrective action, Anil responded stating, “Thank you for the acknowledgment and for addressing the issue swiftly. Glad I could contribute towards improving security and appreciate the response from the team. Looking forward to continuing to support responsible security research."

Two days ago, Rylen Anil also flagged security issues in the National Testing Agency's (NTA) exam portal. The government never responded to it, though Nisarga Adhikary, another teenage ethical hacker who exposed vulnerabilities in the CBSE OSM portal, thanked him for his research.

The CBSE re-evaluation issue

The developments come at a time when questions surrounding examination technology and evaluation systems remain under sharp focus.

Also Read: CBSE breaks silence on OSM fiasco: ‘Monitoring security issues’

The CBSE on Tuesday opened its portal for Class 12 students seeking verification of marks and re-evaluation of answer scripts. The launch, which was delayed by a day, was accompanied by reports of technical issues, allegations of cyberattacks and major administrative changes within the Board.

Students can use the portal to report discrepancies found in scanned copies of answer books and request re-evaluation of specific answers. The facility will remain available until June 6.

CBSE chairman, secretary transferred

On the same day, CBSE Chairman Rahul Singh and Secretary Himanshu Gupta were transferred, with Prashant Lokhande taking charge as the new chairman. The changes coincide with an education ministry inquiry into the procurement of the On-Screen Marking (OSM) system.

Separately, student researcher Sarthak Sidhant appeared before a Parliamentary panel and alleged that tender documents showed "at least 15 discrepancies". CBSE and Coempt EduTeck have denied any irregularities, maintaining that the contract was awarded to the lowest bidder under prescribed norms.