The Central Board of Secondary Education (CBSE) has deployed a specialised team of cybersecurity experts from IIT Madras, IIT Kanpur, and multiple government agencies to conduct a comprehensive security audit of its On-Screen Marking (OSM) portal used for Class 12 board exam evaluation. In an official statement posted on X on May 31, 2026, the board confirmed: “The identified vulnerabilities have been contained, and other exploitable weaknesses are being ruled out.”
This marks a significant escalation in the CBSE’s response to what has become one of the biggest controversies in Indian board exam history. The board acknowledged that cybersecurity flaws existed within the system and that immediate expert intervention was necessary — a significant shift from its earlier position that the portal was secure.
What Were the Vulnerabilities Found in the CBSE OSM System?
Security researchers and ethical hackers who flagged concerns alleged the following critical flaws:
- A hardcoded master password embedded in publicly accessible source code, allowing unauthorised access
- Exposed one-time passwords (OTPs) visible directly in browsers without authentication
- Ability to reset evaluator passwords without authorisation
- Potential to alter or access student marks stored in the portal
- An Amazon Web Services (AWS) cloud storage bucket containing scanned 2026 exam records was allegedly publicly accessible without any login required
- Ethical hacker Nisarga Adhikary further alleged that scanned answer sheets and question papers in the AWS repository could be browsed and downloaded without authentication
CBSE’s Official Action Plan
| Action Taken | Details |
|---|---|
| Expert Team Deployed | IIT Madras, IIT Kanpur, Digital Infrastructure Corporation of India |
| Work Duration | Security teams working for several days |
| Status of Known Vulnerabilities | Contained |
| Migration Status | Platform being moved to a more secure environment |
| Ethical Hacker Engagement | CBSE has directly contacted some researchers |
| Security Contact Email | secy-cbse@nic.in |
What the CBSE Said Officially
- “We are grateful to all alert citizens and ethical hackers pointing out such weaknesses, and have gotten in touch with some of them directly.”
- “We request any others to reach out to our security teams at secy-cbse@nic.in for any further inputs.”
- The board confirmed that previously identified vulnerabilities have been contained and a broader review continues
Impact on Students and the Post-Result Process
- Despite the security concerns, the CBSE Class 12 Post-Result Activities portal went live on June 1, 2026 as announced
- Students can now apply for scanned answer book copies, verification of marks, and re-evaluation at cbse.gov.in
- CBSE assured students that the portal has undergone security hardening before the June 1 launch
- A student Sarthak Sidhant had earlier raised concerns about the OSM procurement and tendering process, adding another dimension to the controversy
What Is the OSM System?
The On-Screen Marking (OSM) system was introduced for the first time in 2026 for evaluating CBSE Class 12 board answer sheets. Under this system:
- Physical answer sheets are scanned and uploaded to an online portal
- Evaluators (teachers) mark answers digitally on screen instead of on physical paper
- Results are compiled and processed digitally
- The system was designed to improve transparency, speed, and accuracy of evaluation
Parliamentary Concern: CPI(M) MP John Brittas wrote to Education Minister Dharmendra Pradhan, citing complaints from students about blurred scans, missing step marks, and evaluation discrepancies, and seeking an independent review of the entire OSM roll-out.
