A Bengaluru Class 12 cybersecurity researcher gained access to CBSE's On-Screen Marking portal. He publicly demonstrated the breach after CBSE officials denied his previous vulnerability reports. This highlights the vulnerability of critical national examination infrastructure.
How We Got Here
The student, identified as Utsav Tiwari, had previously reported potential vulnerabilities to CBSE on February 15, 2026. CBSE officials dismissed these reports, claiming their systems were secure, which led to Tiwari's public demonstration.
The Numbers
- The researcher, Utsav Tiwari, initially reported potential vulnerabilities to CBSE on February 15, 2026.
- He specifically targeted the On-Screen Marking portal, crucial for Class 10 and 12 board exam evaluations.
- Tiwari shared screenshots and video proof of his access with MediaNama on May 22, 2026, verifying the breach.
- The portal handles the digital marking process for over 30 lakh (3 million) students nationwide.
What Happens Next
🇮🇳 Why This Matters for India
For edtech founders in Bangalore building student data platforms, this highlights the immense regulatory and security hurdles when handling sensitive academic information.
The Take
CBSE's repeated denials before a public breach expose a systemic issue: a lack of engagement with ethical hackers. This reactive approach leaves vital public infrastructure, like exam portals, dangerously exposed to malicious actors who won't seek permission first.
Source:
MediaNama ↗