A fresh trouble appeared to be stirring up for the National Testing Agency (NTA), which is already at the centre of the paper leak storm, after a 16-year-old — identifying as a cybersecurity researcher
— flagged serious vulnerabilities in its re-examination portal.
The teen claimed that the NTA portal could potentially leak user data and expose sensitive administrative information.
Cybersecurity Researcher Flags Vulnerabilities
Taking to X, a 16-year-old “cybersecurity researcher” raised concerns about the digital platform’s security preparedness for conducting and managing high-stakes examinations in India.
The user said that the website’s vulnerability could expose data of thousands of observers, examination centres and centre coordinators, including names, email addresses, and phone numbers.
NTA’s Re-examination portal (https://t.co/yKhDNDCPE1) has a superadmin login bypass by using extremely weak credentials
This exposes bulk user data: ~7.9k observers, 676 CCs, 5.4k CS/centers, including names, emails and phone numbers.@ni5arga pic.twitter.com/n2q4d0Egvw
— Rylen Anil (@DarthKermi72747) May 31, 2026
“NTA’s Re-examination portal (https://ntaexammanagement.nta.ac.in/re-examination/) has a superadmin login bypass by using extremely weak credentials. This exposes bulk user data: ~7.9k observers, 676 CCs, 5.4k CS/centres, including names, emails and phone numbers,” he said.
Also Read: CBSE Clarifies ‘Compromised’ OSM Portal Mentioned In Hacking Claim Was Only Testing Site
He added that the issue extended beyond data exposure. The cybersecurity researcher said that unauthorised access to the administrative dashboard can enable functions like exporting data, generating appointment letters, managing observer records, uploading templates, and handling administrative mappings.
Beyond leaking data, the bypass gives access to the superadmin dashboard itself. From there, the portal exposes admin functions to manage observers,
It also has controls to export CSVs, generate/download appointment letters, upload templates, upload nodal officer mappings etc pic.twitter.com/7YcCNmA0tn
— Rylen Anil (@DarthKermi72747) May 31, 2026
“Beyond leaking data, the bypass gives access to the superadmin dashboard itself. From there, the portal exposes admin functions to manage observers. It also has controls to export CSVs, generate/download appointment letters, upload templates, upload nodal officer mappings, etc.,” the user said.
Although the allegations remain unverified, they have triggered concern among students, educators, and cybersecurity experts, given the sensitivity of the data reportedly involved.
NTA Re-Examination Portal Down
As soon as the allegation gained traction on the social media platform, several users shared that the website was down and the link was displaying a “404 Not Found” error message. The NTA has not issued any official statement on the claims.
Hacker Flags Security Flaws In CBSE Portal
The latest claims come in the wake of serious security vulnerabilities reportedly discovered in CBSE’s Class 12 marking portal.
CBSE faced widespread criticism after a 19-year-old self-taught cybersecurity researcher claimed to have breached its On-Screen Marking (OSM) portal, which is used to evaluate and process results for over two million Class 12 students.
Also Read: CBSE Cybersecurity Put To The Test: 19-Year-Old Ethical Hacker Flags ‘OSM Portal Flaws’, Board Rejects Claims
The researcher, Nisarga Adhikary, alleged that multiple security vulnerabilities existed in the system and said he had alerted the authorities about them three months earlier.
He claimed that only partial fixes were carried out despite his warnings. Responding to the allegations, CBSE said the URL cited in the hacking claim, cbse.onmarks.co.in, is a testing platform containing sample data meant for internal review and is not part of the live evaluation system.
Paper Leak Row
The allegations also come at a time when NTA is facing massive backlash over the paper leak of NEET-UG 2026, which forced the agency to cancel and announce a re-test. The incident has raised questions over the agency’s ability to conduct and manage national-level examinations.
