Teen cybersecurity researcher exposes flaw in JEE Advanced 2026 website

IIT Roorkee moved quickly to address a cloud storage configuration issue after a 16-year-old researcher reported that candidate records and admit-card data linked to the JEE Advanced 2026 results system were publicly accessible.

A 16-year-old cybersecurity researcher has drawn attention to a security vulnerability in the JEE Advanced 2026 results infrastructure, prompting IIT Roorkee to take immediate corrective action. The issue reportedly involved a cloud storage configuration that allowed unauthorised access to candidate-related data stored online.

The researcher, Rylen Anil, publicly disclosed the finding on social media, claiming that a misconfigured cloud storage resource associated with the examination portal exposed a significant volume of candidate information without requiring authentication. According to the disclosure, the accessible data allegedly included result records and admit-card PDFs containing personal details such as names, dates of birth, and mobile numbers.

IIT Roorkee, the organising institute for JEE Advanced 2026, acknowledged the report and confirmed that the issue was being addressed on priority. The institute stated that the vulnerability stemmed from a configuration problem in a cloud storage device and clarified that the data was stored in a read-only format, preventing any unauthorised modifications.

IIT Roorkee responds to security disclosure

In its public response, IIT Roorkee thanked the young researcher for responsibly reporting the issue and praised his ethical approach. The institute emphasised that while the configuration flaw required urgent attention, there was no possibility of data alteration due to the nature of the storage setup.

Following the fix, the researcher welcomed the institute's swift response, stating that he was pleased to have contributed to improving the security of the platform. The exchange has been viewed as a positive example of responsible vulnerability disclosure, where security findings are reported and addressed without causing disruption.

The incident has also highlighted the growing role played by independent researchers in identifying weaknesses across public-facing digital systems.

Digital examination platforms face increased scrutiny

The disclosure comes at a time when examination technology platforms are facing heightened attention from policymakers and stakeholders. Concerns around digital infrastructure, data security, and technology governance have intensified as educational institutions increasingly rely on online systems to manage large-scale examinations.

Separately, CBSE has recently come under scrutiny over issues linked to its digital evaluation ecosystem, including questions surrounding its On-Screen Marking (OSM) platform and related procurement processes. The matter has attracted the attention of both the Union education ministry and a Parliamentary Standing Committee.

While IIT Roorkee's prompt action appears to have resolved the immediate issue, the episode serves as a reminder of the importance of robust cybersecurity practices in protecting sensitive student information across India's rapidly expanding digital education infrastructure.