JEE Advanced 2026 infrastructure faces scrutiny over cloud configuration issue

JEE Advanced 2026 infrastructure under scrutiny as IIT Roorkee acknowledges cloud configuration issue

NEW DELHI: Just days after cybersecurity concerns surfaced around CBSE's On-Screen Marking (OSM) system and allegations of vulnerabilities in the National Testing Agency's (NTA) re-examination portal, another examination-related digital platform has come under scrutiny. This time, the issue concerns infrastructure linked to JEE Advanced 2026, one of India's most competitive entrance examinations.

Dubai-based cybersecurity researcher Rylen Anil claimed on X that a publicly accessible cloud storage configuration exposed a large volume of candidate-related information associated with the JEE Advanced 2026 result infrastructure. According to the researcher, the exposure involved approximately 179,600 result records and around 187,300 admit-card PDFs.

The claim marks the latest in a series of cybersecurity disclosures involving examination and education-related digital systems over the past few weeks.

IIT Roorkee acknowledges configuration issue

Unlike some of the earlier controversies, the latest disclosure received a public acknowledgement from IIT Roorkee, the organising institute for JEE Advanced 2026. Responding on X, IIT Roorkee thanked the researcher for reporting the issue and confirmed that action had been initiated.

"Thank you for pointing out the configuration issue in the cloud storage device. The same is being plugged on priority. The data stored was read-only and so there was no possibility of any alteration. We applaud your responsible and ethical behaviour," the institute said.

The response suggested that while data may have been accessible, there was no indication that records could be modified through the exposed storage configuration.

Rylen Anil later thanked IIT Roorkee for addressing the matter and said he appreciated the institute's response and willingness to engage with responsible security research.

Candidate data allegedly exposed

According to the researcher, the exposed files included admit-card PDFs and result-related records containing personal information such as candidate names, dates of birth and mobile numbers. TOI Education has not independently verified the claims made on social media regarding the scale of the alleged exposure. However, IIT Roorkee's acknowledgement confirms that a cloud storage configuration issue existed and that corrective action was initiated after it was brought to the institute's attention.

Series of disclosures across examination platforms

The latest development comes amid heightened attention on cybersecurity practices within India's examination ecosystem. Earlier, CBSE's OSM infrastructure became the subject of controversy after West Bengal-based student and cybersecurity researcher Nisarga Adhikary publicly disclosed alleged vulnerabilities in systems linked to the board's digital evaluation process. CBSE later said identified vulnerabilities had been contained and cybersecurity teams were deployed to strengthen systems.

Subsequently, fresh allegations emerged regarding CBSE-linked cloud storage systems, with claims that scanned answer sheets and question papers could be accessed because of configuration weaknesses. The board said it was monitoring reported vulnerabilities and working with experts from government agencies and IITs.

Separately, cybersecurity researcher Rylen Anil recently alleged that NTA's re-examination portal contained a superadmin login bypass that exposed data relating to observers, centre superintendents and examination centres. The researcher claimed the issue provided access to administrative functions and personally identifiable information. NTA has not yet publicly responded to those claims.

Social media reactions raise wider questions

The disclosure also triggered broader discussion on social media. Some users questioned how examination systems associated with premier engineering institutions could face cloud-configuration issues. One user, responding to IIT Roorkee's acknowledgement, remarked that for a legacy engineering institution, such incidents naturally raise questions about the robustness of digital infrastructure. Others pointed to the growing dependence of examination bodies on cloud-based systems and the need for stronger security audits.

Growing focus on cybersecurity preparedness

The succession of disclosures has drawn attention to the increasing dependence of major examination bodies on digital platforms for registration, evaluation, result processing and grievance redressal. With CBSE, NTA and now JEE Advanced-linked infrastructure all facing cybersecurity-related questions within a short span, the spotlight has shifted beyond examinations themselves to the systems that store, process and protect the personal information of millions of students. For institutions managing high-stakes examinations, cybersecurity is increasingly becoming as critical as the conduct of the examinations themselves.