The National Testing Agency (NTA) has purportedly found itself at the centre of another row after a 16-year-old cybersecurity researcher flagged alleged vulnerabilities in its re-examination portal.
Rylen Anil claimed that the portal has "a superadmin login bypass" with "extremely weak credentials".
"This exposes bulk user data: ~7.9k observers, 676 CCs, 5.4k CS/centers, including names, emails and phone numbers," Anil wrote on X.
"Beyond leaking data, the bypass gives access to the superadmin dashboard itself. From there, the portal exposes admin functions to manage observers.
"It also has controls to export CSVs, generate/download appointment letters, upload templates, upload nodal officer mappings etc," he added, sharing screenshots of his findings.
The NTA is facing intense scrutiny following the alleged paper leak in the 2026 NEET-UG examination and the subsequent cancellation of the test, which sparked nationwide outrage and led to a CBI probe as well as intervention by the Centre.
A Parliamentary standing committee on Monday questioned the agency over its preparations for the retest and its plan to shift exams to a computer-based format.
While The Telegraph Online could not independently verify the claims, the post drew responses from several users identifying themselves as cybersecurity professionals and software developers.
"A superadmin login bypass with weak credentials on such a sensitive platform is alarming. Data exposure is bad enough, but access to administrative functions makes the impact far more serious. This needs urgent investigation and remediation," one user wrote.
Others used the episode to criticise the state of cybersecurity across government platforms. "They spend a very low budget on them that's why almost all govt websites are easily breached many times," one user commented.
Another user pointed out that the alleged bypass would grant access to the Superadmin Dashboard, allowing anyone to export data in CSV format, generate appointment letters, manage staff and perform other administrative functions.
Rylen Anil has also been involved in exposing alleged security and technical lapses in the CBSE's on-screen marking system, working alongside student researcher Nisarga Adhikary, who first raised concerns about vulnerabilities in the evaluation portal.
Several users reported that the portal link began displaying a "404 Not Found" error message after the allegations gained traction online, prompting further questions about the status of the platform.
The allegations come at a time when the NTA is under increased scrutiny over the conduct of major entrance examinations. Though the claims regarding the re-examination portal remain unverified, they have once again raised questions about the cybersecurity safeguards protecting sensitive student information.
The agency's response to the allegations is awaited.