Nisarga Adhikary Joins IIT Kanpur After Exposing CBSE OSM Vulnerabilities
Severity: Medium (Score: 54.6)
Sources: Indiatoday.In, Deccanherald, indianexpress.com, Thequint
Keywords: adhikary, nisarga, cbse, kanpur, after, year-old, exposing
Severity indicators: flaw
Summary
Nisarga Adhikary, a 19-year-old cybersecurity researcher, has been appointed as an OSINT and Threat Intelligence Engineer at IIT Kanpur's C3iHub after revealing vulnerabilities in the CBSE's On-Screen Marking (OSM) system. His disclosures included critical flaws that could allow unauthorized access to examiner accounts and student data. Adhikary responsibly reported these vulnerabilities to CERT-In before making them public, leading to increased scrutiny of the OSM system. His work will focus on analyzing publicly available information and assisting organizations in addressing cybersecurity threats. The appointment reflects a growing trend towards recognizing practical cybersecurity skills over traditional academic credentials. Adhikary's actions have sparked a national conversation about the security of digital evaluation systems in India. His recruitment is seen as a significant step in enhancing national cyber defense capabilities.
Key Points:
- Nisarga Adhikary exposed critical vulnerabilities in the CBSE OSM system.
- He has been hired by IIT Kanpur as an OSINT and Threat Intelligence Engineer.
- His responsible disclosure led to increased scrutiny and audits of the OSM system.
Detailed Analysis
**Impact** The vulnerabilities affected the Central Board of Secondary Education’s (CBSE) On-Screen Marking (OSM) portal, a critical digital platform used nationwide by schools in India to upload and evaluate student marks. Potentially exposed data included examiner accounts, student information, and password-reset functions, impacting millions of students and educators across India. The flaws risked compromising the integrity of the evaluation process and could have led to unauthorized access or manipulation of sensitive academic data.

**Technical Details** The attack vector involved exploiting security weaknesses in the CBSE OSM portal’s authentication and access control mechanisms, allowing unauthorized access to examiner accounts and sensitive workflows. No specific CVEs or malware were mentioned. The vulnerabilities were identified through penetration testing and open-source intelligence techniques prior to public disclosure. The exposure occurred at the initial access and lateral movement stages of the cyber kill chain. No IOCs were provided in the available sources.

**Recommended Response** Organizations using the CBSE OSM system should apply security patches and configuration updates recommended by the auditing teams from IIT Kanpur and IIT Madras. Defenders should harden authentication controls, implement multi-factor authentication, and monitor for anomalous access patterns to examiner accounts and password-reset functions. Continuous open-source intelligence gathering and vulnerability assessments are advised to detect emerging threats related to educational digital infrastructure. No specific indicators of compromise were provided for immediate blocking.
Source articles (4)
- CBSE OSM vulnerability finder Nisarga Adhikary hired by IIT Kanpur — Indiatoday.In · 2026-06-11
  Nisarga Adhikary, the teenager who came into the spotlight after identifying vulnerabilities in the Central Board of Secondary Education's (CBSE) Online Submission of Marks (OSM) portal, has been hire…
- After exposing CBSE OSM portal flaws, 19-year-old Nisarga Adhikary joins IIT Kanpur's ... — Deccanherald · 2026-06-11
  Nisarga Adhikary, the 19-year-old cybersecurity researcher who made headlines last month after hacking and exposing vulnerabilities in CBSE's On-Screen Marking (OSM) system, has joined the cybersecur…
- IIT Kanpur hires Nisarga Adhikary after CBSE OSM flaw expose — Thequint · 2026-06-11
  Nisarga Adhikary, a 19-year-old cybersecurity researcher, has been appointed as an Open-Source Intelligence (OSINT) and Threat Intelligence Engineer at IIT Kanpur’s C3iHub. Adhikary gained national at…
- Iit Kanpur Hired Cbse Hacker Nisarga Adhikary Osint Threat Intelligence Engineer Paper Leak Osm Row Manindra Agrawal 10734326 — indianexpress.com · 2026-06-11
Timeline
- 2026-05-22 — Adhikary publishes vulnerabilities in CBSE OSM portal: He detailed multiple security flaws in a blog post, prompting national attention and scrutiny of the system.
- 2026-06-11 — Nisarga Adhikary joins IIT Kanpur: He was appointed as an OSINT and Threat Intelligence Engineer at C3iHub after his vulnerability disclosures.
- 2026-06-11 — Increased scrutiny of CBSE OSM system: Following Adhikary's disclosures, IIT Kanpur and IIT Madras audited the OSM system for vulnerabilities.
Related entities
- Ransomware (Attack Type)
- C3iHub (Company)
- Central Board Of Secondary Education (Company)
- CERT-In (Company)
- Indian Institute Of Technology Kanpur (Company)
- Education (Company)
- India (Country)
- CWE-287 - Improper Authentication (Cwe)
- CWE-862 - Missing Authorization (Cwe)