When The Report Card System Gets A Red Mark: Inside The Cyberattack On CBSE's Revaluation Portal

The CBSE revaluation portal's payment system was hit by a malicious cyberattack, allowing approximately 50 students unauthorised access and triggering wildly erratic fee displays ranging from Re 1 to Rs 67,000–68,000. Government sources confirmed the breach was linked to the HDFC payment gateway integrated into the system at the time the portal went live raising serious questions about the board's digital security readiness.

The Central Board of Secondary Education's revaluation portal, set up for Class 12 students seeking re-evaluation of answer sheets, came under a "malicious attack" when it was first activated, government sources told PTI on May 29, 2026. The breach allowed around 50 students to enter the system and manipulate fee amounts, with the payable sum fluctuating from a nominal Re 1 to as high as Rs 67,000–68,000 in some cases. The incident has deepened anxiety around CBSE's cybersecurity infrastructure, especially in the middle of a high-stakes post-result evaluation season.

What Exactly Happened

The glitch emerged from the HDFC payment gateway that was integrated with the CBSE revaluation portal and triggered almost immediately when the portal was activated. Government sources said the portal was non-functional for some time before going live, and the gap in operational testing appears to have created a vulnerability in the payment system. The 50 students who gained access either inadvertently discovered the flaw or as government sources suggested "out of fun or out of mala fide intention," exploited the system to manipulate the displayed fee amounts.

Fee Fluctuation: From Re 1 To Rs 68,000

Perhaps the most striking detail is the scale of the fee manipulation. The portal, which is meant to allow students to pay a standardised fee to request re-evaluation of their Class 12 board answer sheets, began showing wildly inconsistent amounts. For the roughly 50 students in question, the payable amount swung from as low as Re 1 to as high as Rs 67,000–68,000 a fluctuation that rendered the payment process unreliable and effectively disrupted access for genuine applicants.

The OSM Controversy Running In Parallel

This payment portal breach is unfolding against the backdrop of a separate but related controversy around CBSE's On-Screen Marking (OSM) evaluation system. Earlier in May, a 19-year-old student named Nisarga identified what he described as serious vulnerabilities in a CBSE portal, including an exposed "master password" in JavaScript code and bypassed OTP verification. CBSE responded by clarifying that the site involved cbse.onmark.co.in was only an internal testing platform with sample data, and that the actual evaluation portal used for Class 12 marking was neither compromised nor affected. Nevertheless, the two incidents together have set off a wave of concern about the board's digital infrastructure.

Official Review And Next Steps

A high-level review meeting chaired by Union Education Minister Dharmendra Pradhan on May 28 assessed the progress of CBSE's Class 12 evaluation and post-result processes. Investigations are currently underway to enhance payment gateway security and ensure that future iterations of the portal are fully tested before going live. The board has not yet issued a detailed public statement on the revaluation portal breach, even as calls grow for a transparent audit of CBSE's digital systems.

Security Breach Highlights

1. CBSE revaluation portal's payment system hit by a "malicious attack" when portal went live
2. Around 50 students gained unauthorised access to the payment system
3. Fee amounts fluctuated from Re 1 to Rs 67,000–68,000 for affected students
4. HDFC payment gateway integrated with the portal identified as the point of failure
5. Sources say students may have exploited the glitch "out of fun or mala fide intent"
6. Union Education Minister Dharmendra Pradhan chaired a review meeting on May 28
7. Separate OSM portal vulnerability flagged by 19-year-old student Nisarga; CBSE denied that breach
8. CBSE stated that the actual evaluation portal carrying real marks and student data was not compromised
9. Incident sparks wider calls for audit of CBSE's digital security infrastructure

Sources: PTI via The Print, NDTV, Rediff, The Hindu BusinessLine, Times of India, Deccan Herald, India Today, DD India, Hindustan Times