If you have a child in Class 12, or you follow Indian education news even a little, you have probably seen the words “CBSE scam,” “CBSE hack,” and “CBSE data breach” flying around your feed this past week. Some of it is true. A lot of it is exaggerated. And a fair bit is just old paper-leak news from years ago, recycled to ride the trend.
So let us slow down and sort it out properly.
This post explains the whole CBSE On-Screen Marking (OSM) mess of 2026 in plain language. What actually went wrong, what CBSE has admitted, what is still only an allegation, and what it means if you care about how our exam systems handle student data. I have kept the facts separate from the noise, because right now the noise is winning.
In 2026, CBSE rolled out a new digital answer-sheet checking system called On-Screen Marking for Class 12, across the whole country, for the first time. It did not go well. Students got back blurry answer sheets, some got someone else’s answer sheet entirely, marks came out lower than expected, and the pass percentage dropped to 85.20%, the lowest in seven years. On top of that, two teenagers, one a 19-year-old ethical hacker and one a 17-year-old student, publicly flagged serious security holes and questions about how the contract was awarded. After first denying any breach, CBSE admitted on May 31, 2026 that there were vulnerabilities in the vendor’s portal and that government and IIT cybersecurity teams had stepped in to fix them. Then on June 2, 2026, the pressure boiled over. The Centre transferred CBSE’s Chairman and Secretary, named new leaders, and ordered an official probe into how the OSM contract was awarded. The same day, the new re-evaluation portal went live and was promptly hit by a wave of cyberattacks. The story is still developing.
That is the gist. Now the details.
This is the freshest and biggest turn in the story, so let us put it right up front.
On June 2, 2026, the Centre carried out a major shake-up at the top of CBSE. Chairman Rahul Singh and Secretary Himanshu Gupta were both moved out. Rahul Singh has been shifted to the Department of Agriculture and Farmers Welfare as Additional Secretary, and Himanshu Gupta has been sent back to his parent cadre in the Home Ministry on administrative grounds.
In their place, the government appointed Lokhande Prashant Sitaram as the new CBSE Chairperson and Varun Bhardwaj as the new Secretary. Sitaram is a senior IAS officer who was serving in the Ministry of Home Affairs before this posting.
Alongside the reshuffle, the Centre ordered a formal inquiry into the OSM mess. A one-member committee headed by S Radha Chauhan has been set up to examine how the OSM contract was procured and awarded. This is the official probe a lot of people had been demanding.
There was also movement on the accountability front in Parliament. The 17-year-old student Sarthak Sidhant, whose tender analysis set off much of the scrutiny, appeared before the Parliamentary Standing Committee on Education and presented his findings directly to MPs. CBSE submitted its own report to the committee, telling members that the portal glitches had been fixed and that students have until June 6 to apply for re-evaluation.
And there was one more twist on the same day. The new verification and re-evaluation portal went live, and CBSE says it was hit hard by cyberattacks. According to the board’s own statement, attackers attempted a denial-of-service attack that generated roughly 1.5 million hits in just two minutes, along with more than one lakh attempts to access files without authorization. CBSE said the portal still handled over 8,000 students at once and that more than 16,000 students had completed their submissions by 3 PM. The board also said it extended session time limits based on student feedback.
There is a clear irony here that anyone in tech will notice. The same evaluation ecosystem that was flagged for weak security weeks ago is now reportedly a live target for attackers. Whether the portal held up as well as CBSE claims is something the next few days will tell.
One practical change students must know: CBSE has added Aadhaar verification to the re-evaluation portal, citing security reasons. If a student does not have an Aadhaar number, a parent’s, relative’s, or guardian’s Aadhaar details can be used instead, but the name, date of birth, and gender must match that person’s Aadhaar. The application window has also been extended to June 6, so there is a little breathing room.
Now, here is how the whole thing built up to this point.
For decades, board exam answer sheets were checked the old way. Teachers sat with physical paper booklets, read them, marked them, and added up the totals by hand.
On-Screen Marking changes that. The physical answer booklets are scanned and uploaded to an online portal. Examiners then open each sheet on a screen, grade it digitally, and the system adds up the marks automatically. In theory, this is a good idea. It cuts down on simple addition mistakes, it lets teachers from anywhere review papers, and it is supposed to make the whole process more consistent and transparent.
Here is the important part. CBSE actually first thought about OSM way back in 2014, then shelved it because scanning technology for thick, bound answer booklets was not good enough yet. They brought it back for 2026 and used it for Class 12 at full national scale right away. Class 10 stayed on the old physical checking method this year.
That decision, going from zero to full national rollout with no real pilot, sits at the center of everything that followed.
Here is the sequence of events, kept simple.
February 9, 2026: CBSE tells schools that Class 12 board exams will be evaluated using OSM. Class 10 stays physical.
February 17 to April 9, 2026: Class 12 board exams are held as normal.
Late February 2026: A 19-year-old ethical hacker named Nisarga Adhikary finds security weaknesses in the OSM evaluation portal and reports them to CERT-In, India’s cyber security agency, with a reference number.
May 13, 2026: Class 12 results are declared. The pass percentage comes in at 85.20%, down roughly three points from the previous year and the lowest in seven years. Students start complaining that their marks make no sense.
May 17, 2026: Facing heavy backlash, CBSE sharply cuts the fees for getting your scanned answer sheet, for verification, and for re-evaluation, and promises refunds if your marks go up.
May 22 and 23, 2026: Adhikary publishes a detailed blog on the security flaws. A student named Vedant Shrivastava posts online that the Physics answer sheet CBSE sent him is not even his.
May 25 to 27, 2026: More students report getting the wrong answer sheets. CBSE apologizes to Vedant and emails him the correct paper. It also rejects opposition claims about the contract as false and misleading.
May 28, 2026: Education Minister Dharmendra Pradhan publicly says, in his words, “I take responsibility.” IIT Kanpur and IIT Madras are brought in to help.
May 30, 2026: A 17-year-old student, Sarthak Sidhant, publishes an analysis of the tender documents alleging that the rules were changed to favour the winning vendor.
May 31, 2026: CBSE admits that there were vulnerabilities in the vendor’s “OnMark” portal and that they had been contained with help from government and IIT experts. This is a big shift from its earlier position.
June 1 to 2, 2026: The verification and re-evaluation portal, delayed by a day, goes live on June 2 with Aadhaar verification added and the deadline extended to June 6.
June 2, 2026: The Centre transfers Chairman Rahul Singh and Secretary Himanshu Gupta, appoints Lokhande Prashant Sitaram as the new Chairperson and Varun Bhardwaj as the new Secretary, and sets up a one-member inquiry committee under S Radha Chauhan to probe the OSM contract. CBSE reports that the new portal was targeted by cyberattacks the same day.
June 2, 2026: The Centre transfers Chairman Rahul Singh and Secretary Himanshu Gupta, appoints Lokhande Prashant Sitaram as the new Chairperson and Varun Bhardwaj as the new Secretary, and sets up a one-member inquiry committee under S Radha Chauhan to probe the OSM contract. Student whistleblower Sarthak Sidhant presents his findings to the Parliamentary Standing Committee on Education. CBSE reports that the new portal was targeted by cyberattacks the same day.
Let us start with what is solid, because this part is confirmed by CBSE itself and by mainstream reporting.
The Class 12 pass percentage genuinely dropped to 85.20%. That is real and official. CBSE also disclosed that out of nearly one crore answer books, tens of thousands had to be rescanned because the image quality was poor, and over thirteen thousand were pulled out for manual rechecking. Those are not numbers you release if everything went smoothly.
So if your gut feeling was “something is off with the marks this year,” your gut was not wrong.
This is the part that really set social media on fire, and rightly so.
Multiple students reported that when they downloaded their scanned answer sheets, the paper in front of them was not theirs. Different handwriting, different answers, sometimes a completely different student’s work tied to their roll number. The most viral case was Vedant Shrivastava, who said plainly that the Physics sheet was not his. CBSE later apologized and sent him the correct one.
Think about what that means for a second. If the wrong sheet is linked to your roll number on screen, whose marks are you actually getting? That single question is why parents lost trust so quickly.
This is the part that matters most to anyone who works in or cares about technology, so I want to explain it clearly but responsibly. I am not going to give any step-by-step instructions. I am going to explain the concepts so you understand why security people were alarmed.
Nisarga Adhikary, the 19-year-old who reported the issues to CERT-In, described a chain of basic security failures in the evaluation portal. In simple terms:
A master password was reportedly sitting in plain text inside the website’s own front-end code, which any visitor’s browser downloads. Imagine leaving the master key to a building taped to the front door. That is roughly the level of mistake we are talking about.
The login check that was supposed to happen on the secure server was instead happening inside the user’s own browser. When the important check happens on the user’s side rather than the server’s side, a knowledgeable person can simply tell their own browser to say “yes, I passed,” even when they did not.
Internal pages had no proper guards, so someone could reach screens they were never meant to see. And the system reportedly had a flaw, known in security as an Insecure Direct Object Reference, that could let one person act as if they were a different examiner. The worst-case version of this is the ability to view or change marks while pretending to be someone else.
A second researcher separately claimed that related portals built by the same kind of setup used shockingly weak admin passwords, including the famously terrible “123456,” and outdated methods for storing passwords.
Now, the contested part. CBSE’s response was that what the researcher accessed was a testing site loaded with sample data, sitting on a different web address, and that the real evaluation portal was never compromised. The researcher disputes this and says the data he saw was clearly real production data. As of now, this specific point, test environment versus live system, is not fully resolved in public. That distinction matters enormously, so treat anyone who states it as settled fact, in either direction, with caution.
What is no longer in dispute is that vulnerabilities existed somewhere in the vendor’s system, because CBSE itself said so on May 31.
Here the verified facts and the allegations need careful handling.
Verified: The contract for OSM went to a Hyderabad-based company, Coempt EduTeck, which was formerly known as Globarena Technologies. That earlier name is linked in past reporting to a major results controversy in Telangana in 2019, where a software error caused mass failures with tragic consequences. CBSE says the contract was awarded properly, following the standard government financial rules, after a multi-round tender process, and that the winning bid was far cheaper than the next big bidder.
Alleged, and denied by CBSE and the vendor: The student researcher Sarthak Sidhant claims that across different versions of the tender documents, around fifteen requirements were quietly loosened in ways that helped this particular vendor qualify. His examples include a lower quality certification level, a reduced scanning resolution requirement, and the removal of a clause that would have allowed blacklisting. Several mainstream outlets reported his findings, which gives them weight, but they remain allegations. CBSE calls the contract criticism, in its words, “erroneous, misleading and not based on facts.”
One detail worth knowing, because it affects what happens next. Reports say the vendor can face financial penalties but cannot actually be blacklisted, because that specific clause was removed before the contract was signed. So even if everyone is furious, the toughest punishment is reportedly off the table.
To be fair to CBSE, here is what it has actually confirmed versus pushed back on.
CBSE has admitted there were shortcomings in the OSM rollout, that answer-sheet mix-ups happened in specific cases, that there were vulnerabilities in the vendor’s portal, and that it has brought in IIT and government cyber teams. It cut fees, promised refunds, and assured students that the answer books themselves are safe and went through quality checks.
CBSE has denied that its live evaluation portal was breached, denied that the contract was awarded improperly, and denied that the system is fundamentally broken. The Education Minister has personally taken responsibility for the problems while sharply rejecting the political “scam” framing.
Since this is exactly where most online posts go wrong, here is the clean split.
Verified and on the record: the OSM national rollout for Class 12, the 85.20% pass rate and seven-year low, the wrong answer sheet cases and CBSE’s apology, the fee cuts and refund promise, CBSE’s admission of portal vulnerabilities, the involvement of IIT and government teams, the CERT-In report by the ethical hacker, the June 2 launch of the re-evaluation portal, the transfer of CBSE’s Chairman and Secretary and the appointment of new leaders on June 2, the official one-member probe into the OSM contract, and CBSE’s own statement that the portal faced cyberattacks on June 2.
Unverified, estimated, or contested: the exact number of students whose personal data may have been exposed (the large figures floating around are estimates, not confirmed counts), whether the live evaluation database was actually breached versus a test server, claims that answer sheets were scanned with phones, the “scam” and favouritism conclusions, and reports that some schools pushed students to post praise for OSM online.
Pure noise to ignore: any post showing 2018-era paper leak images, or mixing this up with unrelated 2026 exam stories. The 2026 OSM issue is an evaluation and security failure. It is not a question-paper leak. Anyone calling it a “paper leak” has not understood the story.
Here is the bigger picture, and it is the reason I wanted to write this carefully rather than just chase clicks.
We are putting more and more of our most sensitive systems online. Exam results, health records, identity documents, financial data. When a system that holds the academic future of lakhs of students reportedly ships with a password sitting in the front-end code and checks that run in the user’s browser instead of the server, that is not a one-off bug. That is a sign that security was treated as an afterthought, bolted on at the end instead of built in from day one.
The fix is not complicated to describe, even if it is hard to do. Test new systems at small scale before you bet the whole country on them. Keep secrets out of code that the public can download. Do the important security checks on the server, never just in the browser. Take ethical hackers seriously when they report problems, instead of treating them like enemies. And build the system so that even if one part fails, it cannot quietly hand someone else control.
None of that is exotic. It is the basics. The CBSE OSM episode is a reminder that the basics are exactly what tends to get skipped when a project is rushed.
As things stand, CBSE has new leadership at the top, an official inquiry into the OSM contract is underway, the re-evaluation portal is live with Aadhaar verification and a deadline extended to June 6, fees have been reduced, refunds are promised for upward revisions, and IIT teams are stabilizing the platform. Penalties against the vendor are reportedly being considered after mid-June. Public interest petitions have been filed in more than one High Court, and the Education Ministry has asked CBSE for a detailed report on the contract.
So if you are a student or parent affected by this, the practical move right now is straightforward. Use the official re-evaluation portal, request your scanned copy if you have not already, and keep your records and screenshots. If your sheet looks wrong, raise it formally and in writing.
This story is not over. Court decisions, any official findings on the data question, and the actual re-evaluation results will shape what we call this in hindsight, a rough rollout or something more serious. I will update this post as verified developments come in.
What is the CBSE OSM controversy in 2026? It is the fallout from CBSE using a new digital On-Screen Marking system to check Class 12 answer sheets nationwide for the first time. The rollout led to wrong answer sheets being shown to students, lower than expected marks, a seven-year low pass rate of 85.20%, and serious security concerns raised by independent researchers.
Was CBSE actually hacked in 2026? CBSE has admitted there were vulnerabilities in its vendor’s evaluation portal that needed to be fixed with help from government and IIT teams. However, CBSE maintains that its live evaluation portal was not breached and that researchers accessed a test environment. That specific point remains disputed in public.
Was there a CBSE data breach of student information? Vulnerabilities were confirmed, but the exact scale of any exposure of student personal data has not been officially confirmed. The large numbers circulating online are estimates, not verified figures, so treat them carefully.
Why was the CBSE Class 12 pass percentage so low this year? The pass percentage fell to 85.20%, the lowest in seven years. Students and parents have linked this to problems in the new digital evaluation system, including wrong and blurry answer sheets. CBSE has opened a re-evaluation and verification process in response.
Who is the new CBSE chairman in 2026? On June 2, 2026, the Centre appointed Lokhande Prashant Sitaram, a senior IAS officer who was serving in the Ministry of Home Affairs, as the new CBSE Chairperson. Varun Bhardwaj was named the new Secretary. They replaced Chairman Rahul Singh and Secretary Himanshu Gupta, who were both transferred amid the OSM row.
Was the CBSE re-evaluation portal hacked on June 2, 2026? CBSE said the new re-evaluation portal was targeted by cyberattacks on June 2, including a denial-of-service attempt that generated about 1.5 million hits in two minutes and over one lakh unauthorized file-access attempts. CBSE said the portal continued to function and that thousands of students completed submissions the same day. Aadhaar verification was added to the portal, and the deadline was extended to June 6.
What should affected students do now? Use the official CBSE re-evaluation and verification portal that opened on June 2, 2026, request your scanned answer sheet, keep all records and screenshots, and raise any mismatch formally in writing.
This article is based on official CBSE statements and credible news reporting available as of the evening of June 3rd, 2026. It clearly separates confirmed facts from allegations and unverified claims. It will be updated as the situation develops.
If you are a BA, BSc, BCom, MA, MSc or MCom student at Dr. Ram…
NEET UG 2026 faced cancellation due to paper leak allegations, leading to a re-examination scheduled…
NEET 2026 Paper Leak: 22 Lakh Students in Limbo, 5 CBI Arrests, and the Questions…
If you appeared for the CBSE Class 12 board exams this year, you already know…
If you are one of the 2.5 lakh students who qualified JEE Main 2026, then…
If you have been following tech news this week, you probably already caught a headline…
