New Delhi:
The Central Board of Secondary Education (CBSE) on Tuesday evening strongly rejected a claim made by a social media user alleging that its On-Screen Marking (OSM) system, hosted at the URL cbse.onmark.co.in was compromised on February 26. The claim has also formed the basis of a few news reports.
The allegation, which was widely circulated on social media, triggered significant backlash against CBSE from students, parents, and educators, raising concerns over the integrity of the evaluation system and questioning how the OSM and the broader examination process could be trusted if such a breach had occurred. Amid the growing outrage, the Board issued a clarification.
In an official statement, CBSE clarified that the portal used for the evaluation of answer scripts operates on a different URL, which has neither been compromised nor shown any vulnerabilities as suggested in the social media post.
“At the outset, it is clarified that the portal used for evaluation of answer books bore a different URL, which has neither been compromised nor does it have the vulnerabilities indicated in the said social media post. The URL cbse.onmark.co.in is a testing site only with sample data for internal testing and review purposes. There are no actual evaluation data, marks or other data held on that portal. The Board emphasises that no security breaches have come to light on the portal deployed for the actual evaluation work,” CBSE said.
Clarification Regarding Claim of Compromise of CBSE OSM Portal
In a post made by a user on social media, it has been claimed that the CBSE On Screen Marking (OSM) bearing URL: https://t.co/cuLrvsxzOH was compromised by him on 26.02.2026. This has also formed the basis for a few…
— CBSE HQ (@cbseindia29) May 26, 2026
The Board further reiterated that the OSM system has been implemented to enhance transparency in assessments, with robust grievance redressal mechanisms and safeguards to ensure the integrity of the evaluation process.
Reacting to CBSE’s clarification, the social media user, identified as Nisarga, questioned the explanation, asking how production data could have been accessed on the site. The user also claimed that mirror sites under the same domain had similar vulnerabilities and shared screenshots as evidence.
then how I was able to access production data on that site? all of the mirrors you had under the onmark domain had the same vulnerabilities.
it’s sad that you can’t even investigate security reports properly. attaching screenshots as proof. https://t.co/zTEX8P7Eq1 pic.twitter.com/BiiXxzvuh2
— nisarga (@ni5arga) May 26, 2026
“Then how was I able to access production data on that site? All of the mirrors you had under the onmark domain had the same vulnerabilities. It’s sad that you can’t even investigate security reports properly. Attaching screenshots as proof,” the user posted on X.
