A 16-year-old cybersecurity researcher flagged a major data security issue on the JEE Advanced 2026 results website, prompting a quick response from the organizing institute, IIT Roorkee.
Railin Anil (@DarthKermy72747) claimed that the JEE Advanced 2026 candidate results infrastructure had a misconfigured public cloud storage which resulted in large amounts of candidate data being exposed without authentication.
JEE Advanced 2026 Candidate Infrastructure/Result ([https://cdata.jeeadv.ac.in/result2026/](https://cdata.jeeadv.ac.in/result2026/)) A public cloud storage configuration error occurred resulting in the exposure of bulk filter data without authentication.
This exposed approximately 179.6 lakh result records and approximately 187.3 lakh admit card PDF files, including names of candidates, DOB numbers and mobile numbers.”
IIT Roorkee acknowledged the issue and started taking corrective action.
“Thank you @DarthKermy72747 for pointing out the configuration issue in *cloud storage device*. The same is being communicated on Priority. The stored data was read-only and hence there was no possibility of any change. We applaud your responsible and ethical behaviour,” IIT Roorke wrote on his X handle.
After the corrective action, the student also responded.
“Thank you for the acknowledgment and for quickly addressing the issue. I’m pleased to be able to contribute to improving security and appreciate the team’s response. I look forward to continuing to support responsible security research.”
Read also | The Gen-Z blogger who exposed the CBSE mess presents his investigation to Parliament committee: What it means
Reply IIT Roorkee
Reacting publicly, IIT Roorkee said the issue was due to a configuration issue in a cloud storage device and maintained that the data could not be changed.
“Thank you @DarthKermy72747 for pointing out the configuration issue in *cloud storage device*. The same is being connected on priority. The stored data was read-only hence there was no possibility of any change. We applaud your responsible and ethical behaviour.”
The revelation comes at a time when concerns about screening technology systems are already under scrutiny.
CBSE verification portal
The Central Board of Secondary Education (CBSE) on Tuesday launched its much-awaited portal for Class 12 students seeking to check answer sheets and re-evaluate marks. However, the rollout was marred by technical glitches, claims of cyberattacks, and administrative changes.
The portal, which opened a day later than scheduled, allows students to seek verification of discrepancies identified in scanned copies of answer books provided by the board and apply for re-evaluation of answers. The application window will remain open until midnight on June 6.
Read also | Teen whistleblower, portal chaos, cyber attacks and change in leadership: How CBSE’s OSM row escalated
Meanwhile, CBSE chairman Rahul Singh and secretary Himanshu Gupta were transferred from the board on Tuesday, with Prashant Lokhande appointed as the new CBSE chairman.
The surprise changes come amid increasing government scrutiny into the procurement process for the council’s On-Screen Marking (OSM) system, the digital platform used for the large-scale assessment of Class 12 answer scripts.
What is happening?
The Union Education Ministry has ordered an extensive investigation into the contract awarded to Hyderabad-based Coempt EduTeck and has sought a detailed report from the board.
Separately, a 17-year-old student appeared before the parliamentary standing committee on Tuesday to make allegations of irregularities in the OSM system.
The Education, Women, Children, Youth and Sports Affairs Committee — the same committee that warned after the 2024 NEET-UG paper leak that the National Testing Agency’s performance “did not inspire confidence” — is currently reviewing the use of OSM in CBSE Class 12 exams and related issues.
Sarthak Siddhant, who says he was influenced by the OSM system, presented his findings to committee members at the Parliament House annex, according to PTI.
Siddhant, who posted his findings on his website after reviewing bidding documents available on the central public procurement portal, alleged that the CBSE modified the tender conditions in a way that favored Coempt EduTeck, the company that runs the OSM system.
He claimed that a comparison of tender documents revealed “at least 15 discrepancies”, alleging that provisions relating to blacklisting, financial qualifications and eligibility criteria had been changed across successive tenders.
At the same time, Siddhant made it clear that he was not opposed to the OSM system itself, but said that it should have undergone broader testing and pilot implementation before being rolled out on a large scale.
Both CBSE and Coempt EduTeck have denied any wrongdoing in the tender process, with the board maintaining that the contract was awarded to the lowest bidder in accordance with applicable rules.
