The Central Board of Secondary Education (CBSE) confirmed that cybersecurity experts from IIT Madras, IIT Kanpur, and the Digital Infrastructure Corporation of India have successfully contained all identified security vulnerabilities in the On-Screen Marking (OSM) portal. The board issued an official statement confirming that the platform is being migrated to a more secure environment and additional checks are ongoing to rule out any remaining weaknesses.
In its official X post, CBSE stated: “The identified vulnerabilities have been contained, and other exploitable weaknesses are being ruled out. We are grateful to all alert citizens and ethical hackers pointing out such weaknesses.”
Security Vulnerabilities That Were Found and Fixed
| Vulnerability | Status |
|---|---|
| Hardcoded master password in publicly accessible code | Contained |
| Exposed one-time passwords visible in browsers | Fixed |
| Ability to reset evaluator passwords without authentication | Fixed |
| AWS cloud storage bucket with publicly accessible answer sheets | Under final review |
| Malicious attack on HDFC payment gateway | Resolved |
| Platform migration to secure environment | In progress |
CBSE’s Call to Ethical Hackers
The board has publicly thanked Nisarga Adhikary (age 19) and student researcher Sarthak Sidhant for flagging critical vulnerabilities. CBSE has invited anyone who identifies further issues to write directly to:
Security Contact Email: secy-cbse@nic.in
Impact on Students
- The Post-Result Activities portal is now operational with upgraded security from June 1, 2026
- Students can proceed with re-evaluation applications at cbse.gov.in without hesitation
- CBSE has assured that no student marks were compromised during the security incident
A parliamentary concern was also raised by CPI(M) MP John Brittas, who wrote to Education Minister Dharmendra Pradhan seeking an independent review of the entire OSM rollout process.
