Was CBSE’s OSM portal hacked? Here’s what a 19-year-old’s claims reveal; board denies security breach

CBSE has denied claims that its actual evaluation portal was compromised, stating that the URL mentioned in the allegations was that of a testing site containing sample data.

DH Online

Last Updated : 27 May 2026, 06:30 IST

Join Us

Prefer

Quick summary - click for full details

Concise summary of key highlights

Was CBSE’s OSM portal hacked? Here’s what a 19-year-old’s claims reveal; board denies security breach

In one line

A 19-year-old cybersecurity researcher claims to have hacked CBSE’s OSM portal, but the board denies any breach occurred.

Key points

• Hacker’s allegations

A 19-year-old cybersecurity enthusiast, Nisarga, claimed to have exploited multiple vulnerabilities in CBSE’s OSM portal in February 2024, including hardcoded passwords and weak authentication, and reported them to CERT-In.

• CBSE’s denial

CBSE denied any compromise of its actual evaluation portal, stating the referenced URL was a testing site with sample data and no live information.

• Portal vulnerabilities

The alleged issues included client-side OTP validation, weak route protection, password reset flaws, and Insecure Direct Object Reference (IDOR) vulnerabilities allowing user impersonation.

• Government intervention

The Union Education Ministry has deployed IIT Madras and IIT Kanpur experts to audit the OSM system’s technical infrastructure.

Processed with AI. Reviewed by DH Digital Team.

I had hacked CBSE's OSM (On-Screen Marking Portal) in February and had reported the vulnerabilities to CERT-In, but they were unable to patch most of them.

I've written a detailed blog post about it here: https://t.co/qyT23GkTEJ
— nisarga (@ni5arga) May 22, 2026

Clarification Regarding Claim of Compromise of CBSE OSM Portal

In a post made by a user on social media, it has been claimed that the CBSE On Screen Marking (OSM) bearing URL: https://t.co/cuLrvsxzOH was compromised by him on 26.02.2026. This has also formed the basis for a few…
— CBSE HQ (@cbseindia29) May 26, 2026

🧵 [1/4] CBSE is claiming that the portal wasn't compromised but here's some video evidence proving that there was indeed a security lapse from their side which leaked the master password and it could be used to gain unauthorized access the portal which had prod data pic.twitter.com/3Kn5uZnEZc
— nisarga (@ni5arga) May 26, 2026

Published 27 May 2026, 06:30 IST

India News Education CBSE cybersecurity CBSE Exam Board Exam hacked

Was CBSE’s OSM portal hacked? Here’s what a 19-year-old’s claims reveal; board denies security breach

Was CBSE’s OSM portal hacked? Here’s what a 19-year-old’s claims reveal; board denies security breach

Follow us on :

Follow Us