NEET 2026 Paper Leak: Inside the CBI Investigation and the June 21 Re-exam Security Challenge

The Investigation That Followed India's Second Full Exam Cancellation

When the National Testing Agency cancelled the NEET-UG 2026 examination on May 12, 2026, nine days after 22 lakh candidates had sat the exam, it marked only the second full national examination cancellation since independence. The first was the 2015 AIPMT cancellation. The trigger was the discovery that a "guess paper" circulating on WhatsApp and Telegram channels contained over 120 questions that closely matched the actual NEET-UG 2026 question paper.

The CBI investigation that followed has now resulted in 13 arrests. A Delhi court extended judicial custody of five accused — Mangilal Biwal, Vikas Biwal, Dinesh Biwal, Yash Yadav, and Dhananjay Lokhande — until June 15, 2026. In one of the case's stranger developments, Yash Yadav, an accused awaiting trial, petitioned the Delhi court for permission to keep study books in judicial custody to prepare for the NEET re-exam scheduled for June 21. The court granted the application.

The Paper Translator Vector

What distinguishes the NEET 2026 paper leak from previous examination security breaches is the specific insider access point: paper translators.

NEET-UG question papers are prepared in English and translated into multiple regional languages — Hindi, Gujarati, Tamil, Telugu, Bengali, and others — for candidates who opt to sit the exam in their preferred language. The translation process requires subject experts with dual competencies: deep knowledge of medical science and fluency in the target regional language. These are not external hackers or opportunistic actors. They are credentialed professionals brought into the examination pipeline at a controlled, secured stage of production.

According to the CBI investigation, the breach occurred within this translation network. Those arrested include paper translators, subject experts, and a chain of middlemen through whom the leaked paper moved. The CBI's findings indicate that the question paper changed hands multiple times at escalating prices before reaching candidates in multiple states, including Maharashtra, Rajasthan, and Delhi.

The accused named in the case include Shubham Khairnar, Manisha Waghmare, Prahalad Kulkarni, Manisha Mandhare, Manisha Sanjay Hawaldar, and Shivraj Raghunath Motegaonkar, among others. The geographic spread of arrests — Delhi, Jaipur, Gurugram, Nashik, Pune, Latur, Ahmednagar — reflects the multi-state distribution network through which the leaked paper was sold.

How the Network Operated

The paper translator attack surface is structurally different from the more frequently discussed "paper setter" or "printing press" vectors. Paper setters work at the earliest stage of question paper creation, typically in highly controlled environments. Printing presses operate at the physical distribution end of the pipeline.

Paper translators occupy a middle layer. They receive finalised question content, work on it over a defined translation window, and submit the translated version back into the pipeline. In a physical paper examination, this translation window — however brief and controlled — creates a human custody gap. The individual has access to the full question paper, the access is legitimate, and the control mechanisms rely primarily on contractual confidentiality obligations and physical supervision rather than technical enforcement.

Once a translated paper enters even one unsecured mobile device, the distribution economics of India's coaching ecosystem take over. A leaked NEET paper sold to a network of coaching centres at escalating prices — individual candidates paying as little as Rs 5 lakh each — generates returns that easily outweigh the professional and criminal risks for participants.

The June 21 Re-exam and Fresh Telegram Threats

As of June 4, 2026, with the NEET-UG re-exam 17 days away, new allegations have surfaced. A social media user posted claims that multiple Telegram channels are offering to sell the June 21 re-exam question paper. The NTA confirmed it had referred the alleged Telegram links to cybercrime authorities for verification. No confirmed leak of the re-exam paper had been established as of June 6, 2026.

The pattern — Telegram channels claiming paper possession ahead of a high-stakes exam — is a known feature of India's examination black market. Many such claims are fraudulent, designed to extract money from anxious candidates rather than to actually deliver leaked content. The Zee News reported that NTA itself issued an alert characterising several such posts as fake. But the distinction between fraud and genuine leak is not always visible to candidates who are deciding, under enormous pressure, whether to pay.

The persistence of these claims even after 13 arrests and sustained CBI investigation reflects a structural fact: as long as physical paper examinations exist, the market for leaked papers will exist, regardless of arrests made in any single cycle.

The Recommendation That Was Deferred

The Radhakrishnan Committee, which reviewed examination security following the 2024 NTA controversies, recommended migrating NEET-UG to Computer-Based Testing by 2026. The government announced that CBT migration would be deferred to 2027.

Computer-Based Testing fundamentally alters the examination security model. In a CBT, question delivery is individualised and randomised — no two candidates receive questions in the same order, and many implementations draw from item banks that generate effectively unique question sets. There is no single "paper" to leak. The translation process, as currently structured, does not apply in the same form. The attack surface the paper translator network exploited does not exist.

The Supreme Court, reviewing related petitions, observed that NTA appeared not to have absorbed the lessons of 2024. The observation was made before the full scope of the 2026 cancellation was established.

What the Investigation Reveals About Examination Security Architecture

The NEET 2026 CBI investigation provides a detailed case study in how human access control fails under economic pressure. Several structural observations apply across examination systems:

Legitimate access is the most dangerous access. The paper translators who are alleged to have enabled the leak had authorised access to the question paper. Perimeter security — biometric access to printing facilities, sealed envelopes, chain-of-custody protocols — does not address the threat posed by an insider who operates within those controls.

Chain-of-custody gaps compound at every handoff. A question paper that moves from setter to translator to typesetter to printer to courier and then to examination centres passes through multiple human hands. Each handoff is a potential breach point. Digital examination systems that generate and deliver content algorithmically at the moment of examination eliminate most of these handoffs.

Distribution economics are asymmetric. The cost to leak a paper is borne once. The returns are multiplied across every candidate who purchases access. This asymmetry means that deterrence through criminal prosecution alone — without architectural changes — produces limited results. Arrests after the fact do not undo the examination harm.

For institutions conducting their own examinations — university term-end exams, university entrance tests, departmental assessments — these dynamics are directly relevant. The shift from physical answer scripts and physical question papers to digital delivery and digital evaluation changes the threat model substantially. It does not eliminate security risk, but it removes the specific vulnerabilities that physical paper examination systems carry by design.

The Path Forward

The NEET 2026 crisis, and the criminal investigation it has produced, will shape examination security policy in India for years. The CBI's documentation of the paper translator network is the kind of forensic evidence that tends to drive regulatory change.

The examination scheduled for June 21, 2026, will be conducted in pen-and-paper OMR mode — the same format as the cancelled May exam. The government has announced enhanced security measures. Whether those measures will succeed in closing the vulnerabilities that the investigation has mapped remains to be seen. CBT migration to 2027 means at least one more cycle under the current structural constraints.

Related Reading