
CBSE denies OSM portal breach; claims evaluation facility has ‘different URL’

Vaishnavi Shukla | May 26, 2026 | 08:55 PM IST | 1 min read

CBSE clarified that cbse.onmark.co.in is a testing site, not its actual OSM portal, amid claims by a Class 12 student that he bypassed the site’s login and access controls

CBSE OSM portal. (Representational Image: Wikimediacommons)

In response to security concerns raised by 19-year-old student and ethical hacker Nisarga Adhikary, the Central Board of Secondary Education (CBSE) has clarified that the breached site, cbse.onmark.co.in, is an internal testing platform and not the actual OSM evaluation portal. The Class 12 student claimed that he was able to bypass parts of the CBSE OSM portal’s login and access-control systems.

Adhikary posted a thread on X and a detailed blog post claiming that he was able to bypass parts of the CBSE OSM portal’s security measures. He also said that issues were reported privately to CERT-In, India’s cybersecurity response agency, months back.

The student’s post quickly went viral on social media, with cybersecurity professionals, students, and educators questioning the transparency of the national-level exam system. CBSE introduced on-screen marking from this year onwards, and all CBSE Class 12 papers were checked on that portal.

CBSE's clarification on hacked OSM portal

According to CBSE's post on X, "cbse.onmarks.co.in" is an internal testing site with sample data for review purposes and no actual evaluation data, marks, or other data have been added to that portal.

"There are no actual evaluation data, marks or other data held on that portal. The Board emphasises that no security breaches have come to light on the Portal deployed for the actual evaluation work," CBSE said in a post on X.

However, following the CBSE's statement, Adhikary rejected the board's claim that the affected systems were used only for internal testing, claiming that he has proof of CERT-In acknowledgements.

"If this was test data – how I was able to log in with prod user data completely? I have a screen recording of it and proof of CERT-In acknowledging it," the student said in a recent post on X.

Adhikary further alleged that multiple domains under onmark – cbse1.onmark.co.in, cbse2.onmark.co.in, cbse3.onmark.co.in and cbse4.onmark.co.in – showed the same vulnerabilities.

