CBSE’s On‑Screen Marking Portal Under Fire After Teen Cyber‑Researcher Exposes Critical Vulnerabilities

The Central Board of Secondary Education, long regarded as the principal custodian of India’s public examinations, finds its reputation unsettled by accusations that its On‑Screen Marking portal contains exploitations permitting illicit alteration of Class Twelve results. Nineteen‑year‑old cybersecurity researcher Nisarga Adhikary, operating from a modest university laboratory, reported to the national Computer Emergency Response Team an array of vulnerabilities, including unauthorised examiner logins, password‑reset subversions, and conceivable manipulation of student scores. According to his own chronology, the concerned disclosures were transmitted to CERT‑In in early February, yet the board’s digital assessment system remained ostensibly functional until a temporary suspension was ordered in late April, suggesting a protracted interval of inattention.

The apprehension engendered by these revelations reverberates through the corridors of senior secondary institutions, where aspirants to higher education and their families, often constrained by modest means, place singular reliance upon the integrity of scores that determine university admissions and scholarship eligibility. Such a scenario, wherein a digital interface potentially vulnerable to manipulation intersects with the decisive moment of meritocratic selection, magnifies existing socioeconomic disparities, for students lacking access to alternative verification channels may find their futures imperiled by opaque procedural failures.

In a formal communique dated 27 April, the CBSE asserted that the OSM portal had been voluntarily taken offline pending a comprehensive security audit, professing that no evidence of actual grade alteration had yet emerged, while simultaneously pledging to cooperate fully with investigative authorities. The board’s spokesperson, when questioned by the press, maintained that standard operating procedures for digital examinations had been rigorously observed, yet offered no quantitative data concerning the frequency of the alleged exploits nor elucidated the remedial steps already undertaken.

The episode underscores a broader pattern of infrastructural haste wherein governmental agencies, eager to showcase technological modernization, frequently eschew thorough risk assessment, thereby exposing not merely academic records but, by analogy, other vital citizen registries such as health insurance databases to analogous jeopardy. In the Indian context, where public health initiatives and educational advancement remain interdependent pillars of socioeconomic uplift, the possibility that a single unsecured portal could precipitate cascading mistrust across parallel digital services merits solemn reflection by policy architects.

Legal scholars have cited the Information Technology (IT) Act of 2000, particularly its provisions concerning unauthorised access and data integrity, as a potentially applicable instrument for redress, yet noted that enforcement mechanisms have historically suffered from procedural inertia and limited prosecutorial vigor. Moreover, the National Institute of Educational Planning and Administration, charged with overseeing systemic reforms, has previously admonished the board for inadequate audit trails in earlier electronic marking schemes, thereby establishing a precedent of institutional critique that now finds renewed relevance.

Consequently, the lingering opacity surrounding the OSM portal’s security posture has ignited a broader debate on the balance between digitisation and due diligence, compelling legislators, educators, and technologists to confront the latent hazards embedded within hastily deployed e‑assessment infrastructures. Should the Ministry of Education, empowered by statutory mandates to safeguard the veracity of national examinations, be compelled to publish a detailed, time‑stamped vulnerability assessment and outline concrete remedial timelines, thereby affording students, parents, and civil society unequivocal insight into the board’s risk‑management protocols? Might the existing grievance redressal mechanisms within the CBSE, which presently channel complaints through internal committees lacking independent oversight, be restructured to include external auditors appointed by the Comptroller and Auditor General, thus ensuring that any allegation of mark manipulation is examined with procedural transparency and statutory rigor? Is it not incumbent upon the Union Government to revisit and possibly augment the legislative framework governing digital examination platforms, introducing mandatory periodic penetration testing, enforceable penalties for non‑compliance, and a public registry of certified secure systems, thereby reconciling technological ambition with the constitutional promise of equal educational opportunity?

Published: May 26, 2026

Published: May 26, 2026