Rylen Anil (@DarthKermy72747) claimed that the JEE Advanced 2026 candidate result infrastructure had a public cloud storage misconfiguration.
A 16-year-old cybersecurity researcher has flagged a major data security issue on the JEE Advanced 2026 results website, prompting a swift response from the organising institute, IIT Roorkee.
Rylen Anil (@DarthKermy72747) claimed that the JEE Advanced 2026 candidate result infrastructure had a public cloud storage misconfiguration that exposed large volumes of candidate data without authentication.
“JEE Advanced 2026 candidate/result infrastructure ([https://cdata.jeeadv.ac.in/result2026/](https://cdata.jeeadv.ac.in/result2026/)) had a public cloud storage misconfiguration exposing bulk candidate data without auth.
This exposed ~179.6k result records and ~187.3k admit-card PDFs, including candidate names, DOBs and mobile numbers.”
JEE Advanced 2026 candidate/result infrastructure (https://t.co/6mBpjkxH01) had a public cloud storage misconfiguration exposing bulk candidate data without auth.
This exposed ~179.6k result records and ~187.3k admit-card PDFs, including candidate names, DOBs and mobile numbers. pic.twitter.com/NUk4HGwqQP
— Rylen Anil (@DarthKermi72747) June 2, 2026
IIT Roorkee acknowledged the issue and initiated corrective action.
“Thank you @DarthKermy72747 for pointing out the configuration issue in the *cloud storage device*. The same is being plugged on priority. The data stored was read-only and so there was no possibility of any alteration. We applaud your responsible and ethical behaviour,” IIT Roorke wrote on its X handle.
After the corrective action, the student responded too.
“Thank you for the acknowledgment and for addressing the issue swiftly. Glad I could contribute towards improving security and appreciate the response from the team. Looking forward to continuing to support responsible security research.”
IIT Roorkee’s response
Responding publicly, IIT Roorkee said the issue stemmed from a configuration problem in a cloud storage device and assured that the data could not be altered.
“Thank you @DarthKermy72747 for pointing out the configuration issue in the *cloud storage device*. The same is being plugged on priority. The data stored was read-only and so there was no possibility of any alteration. We applaud your responsible and ethical behaviour.”
The disclosure comes at a time when concerns over examination technology systems are already under scrutiny.
CBSE’s verification portal
The Central Board of Secondary Education (CBSE) on Tuesday launched its long-awaited portal for Class 12 students seeking verification of answer sheets and re-evaluation of marks. The rollout, however, was marred by technical glitches, cyberattack claims and an administrative shake-up.
The portal, which opened a day later than scheduled, allows students to seek verification of discrepancies identified in scanned copies of answer books supplied by the Board and apply for re-evaluation of answers. The application window will remain open until midnight on June 6.
Meanwhile, CBSE Chairman Rahul Singh and Secretary Himanshu Gupta were transferred out of the Board on Tuesday, with Prashant Lokhande appointed as the new CBSE chairman.
The sudden changes come amid heightened government scrutiny of the procurement process for the Board’s On-Screen Marking (OSM) system, the digital platform used for the large-scale evaluation of Class 12 answer scripts.
What is happening?
The Union education ministry has ordered an intensive inquiry into the contract awarded to Hyderabad-based Coempt EduTeck and sought a detailed report from the Board.
Separately, a 17-year-old student appeared before a Parliamentary Standing Committee on Tuesday to present allegations of irregularities in the OSM system.
The committee on education, women, children, youth and sports affairs — the same panel that had warned after the 2024 NEET-UG paper leak that the National Testing Agency’s performance “had not inspired confidence” — is currently reviewing the use of OSM in CBSE Class 12 examinations and related issues.
Sarthak Sidhant, who says he was affected by the OSM system, presented his findings to members of the committee at the Parliament House Annexe, according to PTI.
Sidhant, who published his findings on his website after reviewing tender documents available on the Central Public Procurement portal, alleged that CBSE modified tender conditions in a manner that favoured Coempt EduTeck, the company operating the OSM system.
He claimed that a comparison of tender documents revealed “at least 15 discrepancies”, alleging that provisions relating to blacklisting, financial qualifications and eligibility criteria were altered across successive tenders.