Breaking News

CBSE Portal Flaw Sparks Cybersecurity Debate

30 May, 2026

A cybersecurity controversy erupted after Nisargha Adhikari, a Class 12 student and ethical hacker, revealed that he was able to gain access to the CBSE OSM portal in just 30 minutes. According to his claims, the vulnerability allowed modifications to sensitive information, including marks, teacher details, account numbers, and examination records.

Rather than exploiting the flaw, Nisargha followed responsible disclosure practices and informed CBSE about the issue on February 25. He reportedly alerted the board months before the matter became public, expecting corrective action to be taken before any potential misuse occurred.

The issue gained national attention after Nisargha discussed the vulnerability during a media interview. In response, CBSE issued a clarification stating that the student had only accessed a testing environment containing sample data and that no actual student records or sensitive information had been compromised.

However, the explanation quickly came under scrutiny. Nisargha publicly challenged the statement, claiming that the vulnerability still existed. To support his position, he demonstrated that he could continue accessing the affected system even after CBSE's clarification was released.

The situation intensified when CBSE withdrew its initial statement and issued a revised clarification, acknowledging an inadvertent error related to the portal link. Yet, Nisargha once again tested the system and maintained that the security weaknesses remained unresolved.

As the controversy spread, members of the broader cybersecurity community joined the discussion. Several researchers and ethical hackers independently examined the issue and highlighted concerns similar to those raised by the student, lending credibility to his findings.

The incident underscores the growing importance of proactive cybersecurity practices, transparent vulnerability management, and effective engagement with ethical hackers. It also serves as a reminder that organizations handling critical educational data must respond swiftly to security disclosures to maintain public trust and protect digital infrastructure.