CBSE Answer Sheet Row: Class 12 Student Nisarga Adhikary Claims He Hacked On-Screen Marking Portal, Board Issues Clarification

The Central Board of Secondary Education (CBSE) has strongly dismissed viral social media reports alleging that a 19-year-old cybersecurity researcher, Nisarga Adhikary,  exposed critical security vulnerabilities in its newly introduced On-Screen Marking (OSM) system. While the board faces ongoing pressure from students and parents over post-result administrative glitches, it clarified that the portal allegedly breached by the teenager was merely an isolated internal testing environment containing simulated data, and that its active evaluation infrastructure remains completely uncompromised.

The controversy erupted following a technical blog post by Nisarga Adhikary, a Class 12 student and independent cybersecurity researcher, who claimed he discovered vulnerabilities in February that could theoretically allow unauthorised users to modify student marks. CBSE Answer Sheet Row: Board Admits Blunder, Issues Correct Answer Sheet to Class 12 Student Vedant Shrivastava Who Raised Issue.

I Had Hacked CBSE's OSM (On-Screen Marking Portal) in February, Says Nisarga Adhikary

Teen Researcher Nisarga Adhikary Claims System Exploits

In a detailed technical blog titled "Exposing Critical Vulnerabilities in CBSE's On-Screen Marking Portal," Adhikary asserted that his curiosity was piqued when CBSE transitioned to full-scale digital assessments for Class 12 papers this year. Investigating the public web application's source code, Adhikary claimed he discovered severe architectural flaws, including a "hardcoded master password" embedded within the frontend JavaScript file and client-side One-Time Password (OTP) validation.

"I was able to log in as an examiner and reach the evaluation dashboard, where I could view and edit marks," Adhikary wrote in his blog. Describing the OTP verification process as "pure theatre", the researcher explained that the system allegedly transmitted the correct OTP code straight to the browser's local terminal. "The secret you're supposed to prove you received is handed straight to your browser, and the browser grades its own test," he asserted.

Adhikary stated that he formally documented these security gaps and submitted them to the Indian Computer Emergency Response Team (CERT-In) in February. While some minor points were adjusted, he maintained that multiple vulnerabilities went unpatched for months.

CBSE Issues Clarification After Nisarga Adhikary's Claims

CBSE Rejects Breach Reports, Clarifies Live Safeguards

Responding swiftly to the online traction generated by the allegations, the CBSE issued an official statement rubbishing claims of a data breach or system-wide vulnerability. The board clarified that the web address analysed by Adhikary did not represent the operational infrastructure used by real-world evaluators. "At the outset, it is clarified that the Portal used for evaluation of answer-books bore a different URL, which has neither been compromised nor does it have the vulnerabilities indicated in the said social media post," the CBSE stated in a public clarification. "The URL: http://cbse.onmarks.co.in is the testing site only with sample data for internal testing and review purposes," CBSE added.

The national education board emphasised that the live production application deployed for actual evaluation contains rigorous, multilayered safety parameters. Officials assured the public that no security breaches have been detected within the live grading database and reiterated that robust safeguards are in place to preserve the complete integrity and transparency of the marking data.

Broader Scrutiny Surrounding the Digital Upgrade

The cybersecurity row surfaces at a highly delicate time for the board, which oversaw the digital scanning and evaluation of roughly 98 lakh answer booklets for the 2026 Class 12 term. Over the past week, the digital assessment initiative has faced intense scrutiny from students, parents, and educators following high-profile administrative issues. The system came under fire after CBSE was forced to officially rectify an answer-sheet mix-up in Delhi, where a student was mistakenly issued another candidate's scanned Physics script under his own roll number. Furthermore, when the online re-evaluation portal opened on May 19, an overwhelming volume of traffic led to immediate server instabilities, leaving students stranded mid-transaction with payment processing delays and broken download links.

Independent educationists and teachers’ groups have also alleged that the scanning pipeline suffered from quality control issues. According to data tracked during the evaluation cycle, more than 68,000 answer booklets required emergency re-scanning due to poor image resolution, with families complaining that the resulting copies provided for post-result verification were frequently blurred, rotated, or missing critical pages. CBSE Class 12 Answer Sheet Photocopy 2026: Board To Refund Extra Charges Deducted in Scanned Copy Applications in Class 12 Post-Result Process.

Calls for Audit and Structural Transparency

While the CBSE maintains that its live network is entirely secure and governed by standardised grievance redressal procedures, the intersecting controversies have prompted calls for an independent review of its technical infrastructure. Academic experts point out that even when data anomalies are restricted to staging environments or localised scanning bottlenecks, any discrepancy within a system handling millions of student records risks fracturing public trust during the high-stakes college admissions season. Union Education Minister Dharmendra Pradhan has reportedly requested a comprehensive status report from the CBSE regarding the deployment challenges of the OSM framework, as local education bodies push for a formal technical audit to prevent future logistical bottlenecks.

(The above story first appeared on LatestLY on May 26, 2026 10:00 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).