Why is CBSE silent on vendor behind ‘On-Screen Marking’ system?

Under the newly introduced OSM system, answer books are digitally scanned and evaluated online — which the board had claimed would eliminate totalling errors and reduce manual intervention. The system, the CBSE had stated, would enable faster evaluation, wider teacher participation including overseas schools, reduce logistics costs, and enable environmentally sustainable processes.

Post-result verification of marks would no longer be required, was another claim made by the CBSE. Instead of checking physical answer sheets, examiners were expected to log into an online portal where scanned copies of answer scripts were assigned to them for evaluation.

The results of class 12 Board examination, 2026 were announced on 13 May. A large number of complaints have surfaced since then of students who demanded to see the scanned copies of their answer sheets with marking.

At least two of the examinees complained that the answer sheets emailed to them were not theirs. In both the cases, the first page of the Physics and Chemistry answer sheets bore the handwritten details filled by the examinees themselves. But the rest of the answer sheets did not match their handwriting, complained Vedant and Sanjana.

The Central Board of Secondary Education (CBSE) is one of the largest national education boards in India. It operates under the Government of India and runs major examinations like the Class 10 and Class 12 board exams for millions of students every year.

CBSE is affiliated with over 28,000 schools in India and several hundred more abroad, which makes it one of the most influential educational bodies in the country. Every year, millions of answer sheets are evaluated by thousands of teachers and examiners as part of the board exam process.

The On-Screen Marking (OSM) system however failed due to technical glitches, mismatched answer sheets, missing scans, and a grievance portal crash — causing widespread panic among Class 12 students.

The CBSE acknowledged the errors due to alleged technical glitches and sent the correct answer sheets to both the students. However, other errors cropped up and it was noticed that some questions had not been marked at all.

The mother of Sanjana was quoted in The Hindustan Times as saying, “My daughter finally received the scanned copies of four answer sheets and to our shock, page number 22 is missing from one of the documents. On top of that, marks have not been awarded for several answers that exactly match the official answer key. And this isn’t limited to just one paper; the same issue appears across multiple subjects”.

One of the examinees took to X and aired his public complaint, “Your OSM system gave us blurry, unreadable answer sheets. The revaluation portal has been crashing since day one, payments failing repeatedly, students overcharged up to Rs 2,07,000 and 1 lakh due to glitches, hackers attacking the site, endless delays and useless extensions.

Lakhs of us failed in multiple subjects despite our hard work. I just lost my close friend to this pain. He couldn't survive the heartbreak. Many more students are having severe breakdowns and attempting suicide. Families are shattered. Our dreams of JEE, NEET and college admissions are finished”.

The brother of Vedant Srivastava, Siddhant explained to a news agency, “The problem was that his answer sheet was exchanged with someone else's, and the marks we received were based on someone else's answer sheet. We emailed the complaint to CBSE. We also made a video, gave an interview to a news channel, and tweeted it. When this matter received a lot of public attention, CBSE reached out to us and sent us the correct answer key… After Vedant's case was revealed, more students came forward… We want a formal portal established for other students as well, where they can report such problems directly to CBSE and not face [harassment] and trolling as we did—to report their genuine issues.”

CBSE has not officially named the private firm that designed the On-Screen Marking (OSM) system.

Procurement records show tenders were floated for scanning, stapling, and technical support services, but the vendor responsible for the OSM platform itself has not been publicly disclosed.

CBSE floated multiple tenders in 2025–26 related to Cutting, scanning, and stapling of answer books for regional offices and also for selection of an agency as Technical Support Unit (TSU) for development and launch of CBSE’s Global Curriculum. While these tenders confirm CBSE was outsourcing technical and operational services, there is no mention of a specific OSM platform vendor.

The non-disclosure of a OSM vendor may mean that the system was developed in-house with outsourced scanning support, or a private vendor was contracted but not named publicly in press releases or tender summaries.

The chairman of the parliamentary standing committee on Education, Congress Rajya Sabha MP Digvijaya Singh, is learnt to have convened a meeting of the committee next week to ascertain the identity of the vendor from the CBSE, if any, and the vendor’s past experience, technical expertise etc. Unverified reports circulating on social media claim the vendor is a company with a record of failures in other states.

While teams from IIT, Madras and IIT, Kanpur are carrying out third-party audits of the system, a 19-year-old ‘hacker’ has claimed that he had detected the vulnerabilities of the system way back in February, 2026 and had alerted CERT-In (Computer Emergency Response Team-India) about them immediately.

Describing himself as a “hobbyist cybersecurity researcher” who has just finished his Class 12 exams this year, the 19-year-old with the handle “@nisarga” posted on X, “I've done bug bounty and security work for fun before, so when CBSE rolled out OSM and I noticed the portal link was completely public, my curiosity got the better of me.”

He flagged five vulnerabilities and summarised what these flaws allowed:

• Log in as any examiner using a master password leaked in the frontend.

• Bypass OTP entirely, because validation happens in the browser.

• Reach any internal page without authenticating at all.

• Reset any examiner's password without knowing their current one.

• Act as any user across the API thanks to systemic IDOR, and in doing so edit marks, change examiner details, and tamper with the evaluation process.

“None of this required sophisticated exploitation. The hardest part was reading a JavaScript file and editing a couple of values in DevTools,” he said before adding, “I reported all of this to CERT-In (the Indian Computer Emergency Response Team) before writing anything publicly”.

His full blogpost can be accessed here: ni5arga.com/blog/posts/hacking-cbse/