Following the CBSE’s On-Screen Marking system controversy, which prompted intermediate students to step in and report vulnerabilities in the evaluation portal online, fresh loopholes in another examination-related portal have come to light. According to the claims of an independent cybersecurity researcher on X, a breach found in the National Testing Agency’s (NTA) re-examination portal could expose sensitive bulk data.
The researcher alleged that the superadmin login of NTA’s re-examination portal (http://ntaexammanagement.nta.ac.in/re-examination/) could be easily bypassed using extremely weak credentials.
This breach, according to him, had the potential to reveal sensitive information of 7,900 observers, 676 city coordinators, and 5,400 centre superintendents/exam centres, including names, emails, phone numbers, and more.
The Dubai-based cybersecurity researcher, Rylen Anil, also alleged that the bypass allowed complete access to the Superadmin Dashboard, implying that anyone could export all data, generate appointment letters, manage staff, and tamper with critical exam processes.
When highlighted by another user on the microblogging site X, Rylen affirmed that the weak spots were discovered by him on May 31, following which he contacted the testing agency. The issue was swiftly addressed by NTA, as it took down the portal and is actively striving to fix it.
This was backed by a comment on Tanmay Kashyap’s X post, which emphasised the loopholes discovered by Rylen. “Link is blocked and stopped working,” an X user commented.
Note: This report sums up the claims of an independent researcher; its veracity has not been confirmed by Times Now Digital.
Not just NTA, Rylen also reported that the JEE Advanced 2026 candidate/result infrastructure (https://cdata.jeeadv.ac.in/result2026/) had a public cloud storage misconfiguration, exposing bulk candidate data without authentication.
He stressed that the vulnerability was exposing 179.6k result records and 187.3k admit-card PDFs, including candidate names, DOBs, and mobile numbers.
Soon after, the Indian Institute of Technology (IIT) Roorkee, the organising institute of JEE Advanced 2026, responded to him, saying, “Thank you @DarthKermy72747 for pointing out the configuration issue in the ‘cloud storage device’. The same is being addressed on priority. The data stored was read-only, and so there was no possibility of any alteration. We applaud your responsible and ethical behaviour.”
Check Out | Meet the New CBSE Chairman: Lokhande Prashant Sitaram Replaces Rahul Singh Amid OSM Row