Sunday, 31 May 2026 –
The Central Board of Secondary Education confirmed on Sunday that it is actively monitoring and addressing vulnerabilities in its On-Screen Marking (OSM) system, admitting that a team of cybersecurity professionals from government intelligence agencies and IITs has spent the last several days patching the system.
The controversy erupted after 19-year-old ethical hacker Nisarga Adhikary, a fresh Class 12 graduate, publicly disclosed vulnerabilities in the CBSE’s OSM portal — the system used for evaluating board exam papers — alleging a “master password” was openly visible in the website’s frontend code, allowing bypass of OTP verification entirely. The fallout has turned political. Congress MP Jairam Ramesh alleged that the answer booklets of 20 lakh Class 12 students were available in the public domain, calling it “a massive data leak that put the privacy of millions of students at risk.” The CBSE has repeatedly rejected these charges, insisting the portal used for actual evaluation bore a different URL that was neither compromised nor vulnerable.
Opposition Leader Rahul Gandhi has also questioned the government’s handling of the edtech contract awarded for scanning answer booklets, making this a fully-blown parliamentary controversy with implications for results of millions of students.
