Gen Z vs CBSE: Nisarga alleges 2026 answer sheets were exposed online
After triggering the OSM controversy, 19-year-old ethical hacker Nisarga Adhikary has made a fresh claim against CBSE, alleging that a CBSE-linked AWS bucket exposed scanned answer sheets and question papers online.
by India Today Education Desk · India Today
In Short
- Nisarga Adhikary alleges CBSE's AWS bucket exposed answer sheets online
- Adhikary claims unauthenticated access allowed browsing and downloading of exam files
- Concerns over digital security and transparency in CBSE's exam data management
Fresh questions have emerged over the security of CBSE's digital infrastructure after 19-year-old ethical hacker Nisarga Adhikary alleged that answer sheets and question papers stored on an AWS bucket were publicly accessible online.
The claim comes amid ongoing scrutiny of CBSE's On-Screen Marking (OSM) system and days after Adhikary's disclosures about vulnerabilities in CBSE-linked digital platforms triggered a nationwide debate over the board's technology ecosystem.
ALLEGED AWS BUCKET EXPOSURE
In a social media post, Adhikary claimed that a CBSE-linked AWS bucket had been improperly configured, allowing unauthenticated access to examination-related files.
"CBSE people didn't configure their AWS bucket properly, and now we can paginate and enumerate all their media which has 2026 answer sheets and question papers. ListObjectsV2 works without any auth and the bucket root is listable too, anyone on the internet can download any scanned booklet, across institutions. Multiple institutions are using the same bucket, insanely insecure," he wrote.
In simpler terms, Adhikary alleged that users could browse, list and access files stored in the bucket without authentication. He further claimed that the exposed data included scanned answer sheets and question papers, and that multiple institutions were using the same storage infrastructure.
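One way a bucket owner can check for the condition described above is to audit the bucket policy for grants of `s3:ListBucket` (the permission that authorizes ListObjectsV2) or `s3:GetObject` to an anonymous principal. The following is an added example, not part of the original article or of any CBSE system; the bucket name, Sids and account ID in the sample policy are constructed, and the check covers bucket policies only, not ACLs or Block Public Access settings.

```python
import fnmatch

# S3 permissions behind the two behaviours alleged in the post:
# ListObjectsV2 is authorized by s3:ListBucket, downloads by s3:GetObject.
RISKY = {"s3:ListBucket": "anonymous listing", "s3:GetObject": "anonymous download"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # Principal "*" and {"AWS": "*"} both mean any caller, signed in or not.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def audit_bucket_policy(policy):
    """Return (sid, finding, has_condition) for each anonymous list/read grant."""
    # Reports grants as written; explicit Deny statements are not evaluated.
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        patterns = _as_list(stmt.get("Action", []))
        for action, label in RISKY.items():
            # Policy action names are case-insensitive and may use * and ? wildcards.
            if any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns):
                findings.append((stmt.get("Sid", "<no Sid>"), label, "Condition" in stmt))
    return findings

# Constructed sample policy (hypothetical bucket and account), not from the article.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicList", "Effect": "Allow", "Principal": "*",
         "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-exam-media"},
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:Get*"], "Resource": "arn:aws:s3:::example-exam-media/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
        {"Sid": "AppWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/uploader"},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-exam-media/*"},
    ],
}

if __name__ == "__main__":
    for sid, finding, conditional in audit_bucket_policy(SAMPLE_POLICY):
        print(f"{sid}: {finding}" + (" (restricted by Condition)" if conditional else ""))
```

A finding with a Condition still needs manual review, since the condition may or may not narrow access enough.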
FROM OSM ROW TO FRESH SECURITY QUESTIONS
The latest allegations come against the backdrop of the controversy surrounding CBSE's rollout of the On-Screen Marking (OSM) system for Class 12 board examinations.
Adhikary recently drew national attention after claiming he had identified vulnerabilities in a CBSE-linked portal and reported them to CERT-In months ago.
The issue gained further traction when he demonstrated the viral "Bad Apple" animation running on a CBSE-linked portal, arguing that the exercise highlighted broader weaknesses in systems associated with the board's digital infrastructure.
The claims added to concerns already surrounding OSM, which has faced criticism over answer-sheet mix-ups, scanning issues, portal glitches and evaluation-related discrepancies during its first large-scale deployment.
CBSE'S POSITION
CBSE has dismissed claims of a breach in its evaluation system, clarifying that the portal referenced in the controversy was a test platform with sample data rather than the live OSM system used for assessing board exam answer sheets.
According to CBSE, no breach has been reported in the live evaluation system.
WHY THE CLAIMS MATTER
The allegations have surfaced at a crucial time for the board. CBSE is set to begin the Class 12 re-evaluation process on June 1 after postponing it to ensure a glitch-free application process. More than 4 lakh students have sought access to their answer scripts, placing the board's evaluation and digital systems under intense public scrutiny.
Any concerns relating to answer-sheet handling, storage security or digital infrastructure are therefore likely to attract significant attention from students, parents and educators.
THE BIGGER PICTURE
Whether the alleged AWS bucket exposure involved sensitive examination records, a testing environment or data linked to third-party institutions remains unclear and awaits independent verification. However, the claims have reignited concerns about cybersecurity, data governance and oversight in high-stakes educational systems.
Coming just days after the OSM controversy, the allegations are likely to intensify calls for greater transparency, stronger security audits and clearer accountability mechanisms in the management of examination-related data.