The Central Board of Secondary Education (CBSE) has stated that vulnerabilities identified in the OnMark portal of its service provider have been contained and additional measures are being taken to enhance the platform’s security.
The board said it has been actively monitoring the issues that were recently highlighted in the public domain and is working with cybersecurity experts to further strengthen its systems.
Cybersecurity Experts and IIT Teams Involved
According to CBSE, a team of cybersecurity professionals from various government agencies and leading IITs has been deployed to fortify the system.
The board said efforts are underway to migrate the platform to a more secure environment and ensure stronger protection against potential threats.
CBSE Thanks Ethical Hackers
CBSE also acknowledged the role played by ethical hackers and concerned citizens who reported the vulnerabilities.
In its statement, the board expressed gratitude to individuals who responsibly highlighted potential weaknesses and said it had directly contacted some of them regarding the matter.
CBSE people didn’t configure their AWS bucket properly and now we can paginate & enumerate all their media which has 2026 answersheets & question papers. ListObjectsV2 works without any auth and the bucket root is listable too — anyone on the internet can download any scanned… pic.twitter.com/Jy6MMyHzbP
— nisarga (@ni5arga) May 31, 2026
Vulnerabilities Alleged in Evaluation Ecosystem
The issue gained attention after 19-year-old ethical hacker Nisarga Adhikary claimed to have discovered multiple security flaws within CBSE’s digital evaluation ecosystem.
In a blog post, Adhikary alleged that vulnerabilities in the On-Screen Marking (OSM) portal could potentially allow unauthorized access to examiner accounts and evaluation-related functions.
CBSE Denies Breach of Live Evaluation Platform
CBSE had earlier rejected claims that its actual evaluation platform had been compromised.
The board clarified that the URL circulating on social media referred to a testing portal containing sample data and was not connected to the live system used for evaluating answer sheets.
Fresh Allegations Over AWS Storage Access
In a subsequent social media post, Adhikary alleged that an AWS storage bucket containing scanned answer sheets and question papers from 2026 could be accessed without authentication.
He claimed that files could potentially be viewed and downloaded due to improper configuration settings. Screenshots shared online appeared to show directories containing scanned answer booklets.
Political Reactions Follow
The controversy also drew political attention, with Congress leader Jairam Ramesh raising concerns over the alleged exposure of student data.
Ramesh described the issue as a major privacy concern and called for accountability if sensitive educational records had indeed become publicly accessible.
Investigation and Security Measures Continue
While allegations regarding data exposure continue to be debated, CBSE maintains that it has already contained the identified vulnerabilities and is working closely with cybersecurity experts to further secure its digital infrastructure.
The board has reiterated its commitment to protecting student information and ensuring the integrity of its evaluation systems.
