CBSE Faces Cybersecurity Crisis as Ethical Hacker Exposes OSM Portal Vulnerabilities
CBSE Cybersecurity Put To The Test: 19-Year-Old Ethical Hacker Flags 'OSM Portal Flaws', Board Rejects Claims
Image: News 18
A 19-year-old cybersecurity researcher, Nisarga Adhikary, has flagged critical vulnerabilities in the Central Board of Secondary Education's On-Screen Marking (OSM) portal. He claims these flaws could allow unauthorized access to examiner accounts, risking the integrity of marks for over two million students. CBSE disputes these claims, asserting that the affected URL was merely a testing platform.
- 01Nisarga Adhikary discovered vulnerabilities in the CBSE OSM portal on February 25, 2026, and reported them to CERT-In.
- 02The vulnerabilities included a hardcoded master password and insecure frontend architecture, allowing potential unauthorized access to examiner accounts.
- 03CBSE officials claim the core database remains secure and that the portal was taken offline for security optimization after the vulnerabilities were reported.
- 04The controversy has intensified amid complaints about post-result discrepancies from students and parents.
- 05Government sources assert that rigorous security measures are in place to protect student data from unauthorized alterations.
Advertisement
In-Article Ad
The Central Board of Secondary Education (CBSE) is facing scrutiny following claims by 19-year-old cybersecurity researcher Nisarga Adhikary, who identified serious vulnerabilities in its On-Screen Marking (OSM) portal. Adhikary's findings, detailed in a blog post, suggest that these flaws could enable unauthorized users to bypass verification systems and manipulate marks for over two million Class 12 students. He reported these issues to the Indian Computer Emergency Response Team (CERT-In) on February 25, 2026, but alleged that many flaws remained unaddressed for months. The vulnerabilities included a hardcoded master password visible in the portal's JavaScript code, allowing attackers to bypass One-Time Password (OTP) verifications. CBSE has responded by stating that the URL mentioned in the claims was a testing platform and that their main database remains secure. Despite these assurances, the timing of the disclosures coincides with growing complaints about discrepancies in student results, raising concerns about the board's digital security protocols.
Advertisement
In-Article Ad
The reported vulnerabilities could undermine the integrity of academic evaluations for millions of students, affecting their future opportunities.
Advertisement
In-Article Ad
Reader Poll
Do you trust the CBSE's handling of cybersecurity issues?
Connecting to poll...
More about Central Board of Secondary Education
CBSE Denies Hacking Claims on On-Screen Marking Portal Security
Asianet Newsable • May 26, 2026
CBSE Clarifies No Security Breach in On Screen Marking System Amid Viral Claims
The Economic Times • May 26, 2026
CBSE's Three-Language Policy Faces Backlash from Parents and Students Across India
The Times Of India • May 26, 2026
Read the original article
Visit the source for the complete story.