CBSE Admits Vulnerabilities In OnMark Portal; Deploys IIT & Govt Cyber Experts, Thanks Ethical Hackers And Alert Citizens

The Central Board of Secondary Education (CBSE) issued a statement on Sunday via social media addressing concerns about vulnerabilities discovered in its OnMark portal, which is managed by its service provider. The issue had been highlighted in the public domain, prompting the Board to initiate immediate corrective action.

In its social media post, CBSE acknowledged and contained vulnerabilities found in the OnMark portal managed by its service provider, following their exposure by a teenage ethical hacker. CBSE thanked ethical hackers and alert citizens for flagging the issues and said that corrective measures are being taken to enhance the platform’s security.

The Board further stated that cybersecurity experts from multiple government departments and Indian Institutes of Technology (IITs) have been deployed to review and strengthen the system.

CBSE Official Statement On Portal Security

In its official response, CBSE said: “We have been closely monitoring the vulnerabilities in the OnMark portal of our service provider that are being flagged in the public domain. An expert team of cybersecurity professionals has been deployed over the last few days from across various arms of the government as well as the IITs to fortify these systems, including taking them over to a more secure set up. The identified vulnerabilities have been contained, and other exploitable weaknesses are being ruled out.”

The board further added that the identified issues have already been contained, and additional checks are underway to ensure that no further exploitable weaknesses remain in the system.

Appreciation For Ethical Hackers And Citizens

CBSE also acknowledged the role of citizens and ethical hackers who helped bring attention to the issue. “We are grateful to all alert citizens and ethical hackers pointing out such weaknesses, and have gotten in touch with some of them directly.”

Contact Details Shared For Further Inputs

CBSE has also requested individuals with further security concerns or technical inputs to reach out directly to its cybersecurity team. “We request any others to reach out to our security teams at secy-cbse@nic.in for any further inputs.”

The remark follows allegations made by 19-year-old ethical hacker Nisarga Adhikary, who pointed out security issues in CBSE’s digital evaluation system. In a blog, he said he discovered several weaknesses in the On-Screen Marking (OSM) portal that might have allowed unauthorized access to evaluation features.

Additionally, a 17-year-old Class 12 student became a key voice in the CBSE OSM issue after carefully reviewing the Board’s tender documents. Sarthak Sidhant claimed that CBSE had relaxed some important eligibility and security rules during the tenderprocess, which he believes helped Hyderabad-based Coempt Eduteck win the On-Screen Marking (OSM) contract.

Published on: Sunday, May 31, 2026, 02:00 PM IST