'Insanely insecure': Ethical hacker alleges CBSE answer sheets, question papers were publicly accessible
CBSE people didn't configure their AWS bucket properly, and now we can paginate and enumerate all their media, which has 2026 answer sheets and question papers, claims Nisarga
- May 31, 2026,
- Updated May 31, 2026 2:10 PM IST
Just days after questions emerged over how CBSE awarded its controversial On-Screen Marking (OSM) contract, fresh allegations have put the spotlight on the board's digital infrastructure itself.
Nisarga Adhikary, a 19-year-old ethical hacker who recently claimed to have uncovered vulnerabilities in CBSE-linked platforms, has alleged that answer sheets and question papers stored on a CBSE-linked cloud server were publicly accessible online because of a configuration lapse.
In a post on X, Adhikary claimed that a CBSE-linked Amazon Web Services (AWS) bucket allowed users to browse and download examination-related files without authentication.
"CBSE people didn't configure their AWS bucket properly, and now we can paginate and enumerate all their media, which has 2026 answer sheets and question papers," he wrote.
According to Adhikary, the storage system permitted unauthenticated users to list files and access scanned answer booklets across institutions. "Anyone on the internet can download any scanned booklet," he alleged, describing the setup as "insanely insecure".
The allegations have further deepened the controversy around CBSE's OSM system.
The debate initially centred on complaints from students and parents, who alleged blurred answer sheets, missing pages, and evaluation-related issues after the board introduced digital on-screen marking for Class 12 examinations.
The controversy then shifted to the tendering process itself after Sarthak Sidhant, a 17-year-old Class 12 student, said he reviewed hundreds of CBSE tender documents and found changes in eligibility and security requirements across successive bidding rounds.
Sarthak alleged that those modifications may have helped Hyderabad-based Coempt Eduteck secure the OSM contract. He further claimed that the company was previously known as Globarena Technologies, which was linked to the Telangana Intermediate Examination controversy in 2019.
During that episode, software and evaluation-related issues reportedly affected the results of thousands of students. At least 23 students had reportedly committed suicide.
Globarena later rebranded as Coempt Eduteck, according to Sarthak's post. His central claim is that a series of modifications made to CBSE's tender requirements between successive bidding rounds may have altered the eligibility criteria in ways that ultimately benefited Coempt.
Just days after questions emerged over how CBSE awarded its controversial On-Screen Marking (OSM) contract, fresh allegations have put the spotlight on the board's digital infrastructure itself.
Nisarga Adhikary, a 19-year-old ethical hacker who recently claimed to have uncovered vulnerabilities in CBSE-linked platforms, has alleged that answer sheets and question papers stored on a CBSE-linked cloud server were publicly accessible online because of a configuration lapse.
In a post on X, Adhikary claimed that a CBSE-linked Amazon Web Services (AWS) bucket allowed users to browse and download examination-related files without authentication.
"CBSE people didn't configure their AWS bucket properly, and now we can paginate and enumerate all their media, which has 2026 answer sheets and question papers," he wrote.
According to Adhikary, the storage system permitted unauthenticated users to list files and access scanned answer booklets across institutions. "Anyone on the internet can download any scanned booklet," he alleged, describing the setup as "insanely insecure".
The allegations have further deepened the controversy around CBSE's OSM system.
The debate initially centred on complaints from students and parents, who alleged blurred answer sheets, missing pages, and evaluation-related issues after the board introduced digital on-screen marking for Class 12 examinations.
The controversy then shifted to the tendering process itself after Sarthak Sidhant, a 17-year-old Class 12 student, said he reviewed hundreds of CBSE tender documents and found changes in eligibility and security requirements across successive bidding rounds.
Sarthak alleged that those modifications may have helped Hyderabad-based Coempt Eduteck secure the OSM contract. He further claimed that the company was previously known as Globarena Technologies, which was linked to the Telangana Intermediate Examination controversy in 2019.
During that episode, software and evaluation-related issues reportedly affected the results of thousands of students. At least 23 students had reportedly committed suicide.
Globarena later rebranded as Coempt Eduteck, according to Sarthak's post. His central claim is that a series of modifications made to CBSE's tender requirements between successive bidding rounds may have altered the eligibility criteria in ways that ultimately benefited Coempt.