India’s Central Board of Secondary Education (CBSE) has come under formal scrutiny following the revelation of critical cybersecurity vulnerabilities and operational flaws in its On-Screen Marking System (OSM) for class 12 exam evaluations. The controversy erupted in mid-2026, prompting public protests, media attention, and parliamentary hearings focused on the governance and safety of digital public infrastructure.
What Happened
On May 15, 2026, widespread public outcry followed the announcement of class 12 exam results scored using the CBSE’s newly implemented OSM platform. Students and parents reported glaring errors in marks and technical failures in the portal. Earlier, on February 25, 2026, a 19-year-old cybersecurity researcher, Nisarga Adhikary, had alerted India’s Computer Emergency Response Team (CERT-In) to five critical vulnerabilities in the OSM portal. After months without remedial action, Adhikary publicly disclosed these flaws on May 22, intensifying calls for official accountability.
Key Facts
- CBSE launched the On-Screen Marking System (OSM) for evaluating over 1.8 million class 12 students nationwide in 2026.
- On February 25, 2026, Nisarga Adhikary reported multiple security flaws in OSM to CERT-In but received only a boilerplate response.
- The vulnerabilities discovered included master passwords exposed in JavaScript, authentication checks performed on the client side, and impersonation risks allowing unauthorized access to other examiners’ records.
- On May 22, 2026, after a nearly three-month delay, Adhikary disclosed the security issues publicly.
- CBSE initially denied a “massive data leak” but later acknowledged vulnerabilities in the portal following intensified scrutiny.
- The contract for the OSM platform was awarded to Coempt EduTeck, a vendor previously linked to a 2019 exam scandal that led to student suicides.
- The Parliamentary Standing Committee on Education held hearings starting June 2, 2026, with testimony from affected students and an inquiry into procurement and security audits.
- Certification and security audits by CERT-In, as mandated in the contract, were reportedly conducted, but the reports have not been made public.
Why It Matters
The lapses in CBSE’s OSM system raise critical concerns about the security and transparency of India’s digitized public services, particularly those impacting education, a sector central to millions of young Indians’ futures. The financialization of re-evaluation services through the portal adds socioeconomic barriers, exacerbating inequalities. Inadequate technical safeguards and delayed responses highlight governance challenges in securing sensitive student data and ensuring fair academic assessment. The controversy has fueled distrust among a vulnerable demographic during a period of high youth unemployment and digital activism.
Background
The OSM system was introduced with promises of efficiency and transparency, aligned with India’s broader push towards digitizing public infrastructure as framed by the 2011 Technology Advisory Group for Unique Projects (TAGUP) Report authored by Nandan Nilekani. However, successive exam result scandals, including paper leaks and previous contract controversies, have undermined public confidence. The 2019 Telangana intermediate exam crisis, linked to the same vendor involved in the current portal, remains a warning precedent.
Analysis
Legal and policy observers highlight the disconnect between contractual cybersecurity requirements and actual oversight, noting that the absence of transparent public audits undermines trust. The delayed CERT-In response and lack of direct engagement with the responsible ethical hackers illustrate gaps in cyber governance frameworks. Experts see the digital marking system debate as symptomatic of a broader, problematic approach to forced digitization without sufficient human judgment or accountability safeguards, as argued by academic voices like Prof. Anita Rampal and cited public commentators.
Who Is Affected
- Over 1.8 million Indian class 12 students who sat for the 2026 CBSE board examinations.
- Indian parents, educators, and exam evaluators subjected to flawed digital interfaces and procedural delays.
- Government bodies, including CBSE and CERT-In, responsible for education administration and cybersecurity enforcement.
- Vendors like Coempt EduTeck involved in delivering critical digital infrastructure.
- The broader youth demographic who increasingly rely on digital platforms for civic engagement and education.
What Remains Unclear
- Whether the full scope of CERT-In’s security audits was adequately conducted and why detailed reports remain undisclosed.
- The extent of remedial measures taken by CBSE and associated government bodies following the vulnerability disclosures.
- Pending legal or regulatory repercussions for vendors or officials involved in the OSM system procurement and deployment.
- How the financial structure of re-evaluation fees will evolve in response to critiques over economic discrimination.
What Comes Next
- The Parliamentary Standing Committee on Education’s ongoing inquiry, including testimonies and investigations into the OSM system and procurement processes.
- Potential future policy or regulatory actions to strengthen digital governance and cybersecurity standards for government platforms.
- Follow-up statements or actions from CERT-In regarding cybersecurity enforcement and transparency.
