CBSE has responded to allegations made by cybersecurity researcher Nisarga Adhikary, who claimed that scanned Class 12 answer sheets and question papers were publicly accessible online due to an insecure cloud storage configuration. The issue surfaced after the 19-year-old ethical hacker shared screenshots and technical details on social media alleging that an Amazon Web Services (AWS) bucket linked to examination records lacked proper authentication.
The claims triggered concerns among students, parents, and cybersecurity experts regarding the security of confidential academic records and the handling of digital examination infrastructure.
Nisarga Adhikary Claims Answer Sheets Were Publicly Accessible
In a viral social media post, Nisarga Adhikary alleged, "CBSE people didn't configure their AWS bucket properly," adding that "anyone on the internet can download any scanned booklet." He further claimed that multiple institutions were using the same storage bucket, calling the setup "insanely insecure."
Screenshots shared online appeared to show scanned answer booklets from the 2026 examinations allegedly accessible through the portal. A sample answer booklet circulating online showed multiple scanned pages, including handwritten responses, evaluation sheets, and blank continuation pages reportedly accessed through the exposed storage system.
Adhikary had reportedly emailed the issue to CERT-In nearly 3-4 days before the matter gained wider public attention.
CBSE Says Vulnerabilities Have Been Contained
Responding to the allegations, CBSE said, "We have been closely monitoring the vulnerabilities in the OnMark portal of our service provider that are being flagged in the public domain."
The board added that "an expert team of cybersecurity professionals" from various government departments and IITs had been deployed to strengthen the systems. CBSE further stated, "The identified vulnerabilities have been contained, and other exploitable weaknesses are being ruled out."
We have been closely monitoring the vulnerabilities in the OnMark portal of our service provider that are being flagged in the public domain. An expert team of cybersecurity professionals has been deployed over the last few days from across various arms of the government as well…
— CBSE HQ (@cbseindia29) May 31, 2026
The board also thanked "alert citizens and ethical hackers" for reporting such issues and requested others to share security-related inputs through its official channels.
Jairam Ramesh also reacted to the controversy on social media. In a post responding to the issue, he alleged that "the answer sheets of 2 million CBSE Grade 12 students have been shown to be available in the public domain."
Calling it a "data breach of monumental proportions," he further claimed that the incident compromised the privacy of lakhs of students. Ramesh also raised concerns over the quality of the scanned answer sheets and questioned the scanning infrastructure reportedly used for digitising examination records.