A national school exam board in India said it has been monitoring and has contained vulnerabilities in its online grading portal for one of the country’s most important school-leaving exams that were first flagged by a teenage cybersecurity researcher. The Central Board of Secondary Education (CBSE), run by the government and one of India’s main school exam boards, said in an X post that it has been “closely monitoring” weaknesses in the OnMark portal – an online grading website for teachers – after they were
flagged publicly. The portal, which was first introduced in 2026, uploads scanned copies of physical answer book of students for teachers to grade digitally. The controversy stems from complaints by students that their physical answer sheets did not match the digital versions shared by the education board upon request for re-evaluation. The incident has sparked outrage on social media platforms, forcing the CBSE and the country’s Education Minister Dharmendra Pradhan to address the concerns. In India, millions of students every year sit for the crucial
exam that is a gateway for further higher studies. In 2026, around 1.8 million took the exam across the country, according to a statement by the CBSE. The board announced the result of the exams on May 13. “The identified vulnerabilities have been contained, and other exploitable weaknesses are being ruled out,” the board said in the post. Cybersecurity experts from government agencies and top engineering colleges had been deployed over the past several days to strengthen the systems, including moving them to “a more
secure set up”, it said. It is the latest episode to beset India’s education industry that was earlier in May rocked by the annulment of a national exam for medical students after a probe. It has also raised questions about the security of digital exam-marking infrastructure in one of the world’s largest school systems and heightened pressure on Prime Minister Narendra Modi’s administration to address the issues. In a blog post on May 22, teenage cybersecurity researcher Nisarga Adhikary flagged that the online grading portal
used by CBSE could have permitted a full takeover of an examiner’s account, and potentially allowed tampering with marks or disruption of the grading process. Adhikary, said, he had disclosed five critical vulnerabilities in the On-Screen Marking portal to the country’s Computer Emergency Response Team on Feb 25. The emergency response agency acknowledged the disclosure with a standard email but did not follow up, he said. CBSE last week said that its grading portal was neither compromised nor does it have the vulnerabilities flagged in
a social media post. It emphasised that no security breaches came to light. The issue has drawn scrutiny on Pradhan, with the country’s largest opposition party leader Rahul Gandhi on May 29 calling for a court-led inquiry into the award of contract to the external agency responsible for operating and maintaining the grading portal. BLOOMBERG
CBSE, OnMark, On-Screen Marking portal, cybersecurity vulnerabilities, Nisarga Adhikary, Computer Emergency Response Team, Dharmendra Pradhan, Rahul Gandhi, exam re-evaluation, medical exam annulment, Narendra Modi