CBSE Addresses Social Media Claims of OSM Portal Breach: What You Need to Know

The Central Board of Secondary Education (CBSE) has officially dismissed claims of a breach in its On-Screen Marking (OSM) system, clarifying that the URL cited in social media posts is merely a testing site. The board emphasized that the actual evaluation platform remains secure and has not been compromised. A user, identifying as a cybersecurity researcher, had alleged vulnerabilities in the system, but CBSE reassured stakeholders about the integrity and security measures in place. For a comprehensive understanding of the situation, read the full article.

By Narendra Chaudhary May 26, 2026, 21:25 IST

CBSE Clarifies Misleading Claims About OSM System

New Delhi: The Central Board of Secondary Education (CBSE) has dismissed rumors circulating on social media about a supposed breach of its On-Screen Marking (OSM) system. The board clarified that the URL mentioned in these claims is merely a testing site, not the actual evaluation platform.

A user on social media alleged that the CBSE OSM portal, accessible via cbse.onmarks.co.in, was compromised on February 26, 2026. This assertion has led to several news articles, prompting CBSE to respond on X.

CBSE emphasized that the evaluation portal operates under a different URL, which remains secure and unaffected by the vulnerabilities mentioned in the social media post.

The board further explained that the URL cbse.onmarks.co.in is intended solely for internal testing and review, containing only sample data.

The board reassured that no actual evaluation data or marks are stored on the testing portal, and confirmed that no security breaches have been detected.

On May 22, a user claimed to have hacked the CBSE's OSM portal used for evaluating class 12 board exams, alleging the discovery of critical vulnerabilities.

Identifying himself as 'Nisarga', a self-proclaimed cybersecurity enthusiast, he stated in a blog post on X that he had previously reported vulnerabilities to CERT-In, but many remained unaddressed.

He claimed to have the ability to alter teacher names, roll numbers, and bank details on the CBSE site, even asserting that he could manipulate student marks.

In his blog, Nisarga detailed how he could log in as any examiner using a leaked master password, bypassing OTP verification and accessing internal pages without authentication.

He also mentioned being able to reset any examiner's password without knowledge of the current one, and manipulate marks and examiner details through systemic vulnerabilities.

In response, CBSE reiterated that its system is designed with robust safeguards to ensure transparency and address grievances effectively.

The board reassured stakeholders about the integrity of the deployed platform and the strong measures in place to mitigate any potential vulnerabilities.