In an interaction with Timesnow.in, the student, Nisarga Adhikary, said he first discovered the issues in February 2026 while exploring the portal. He claims to have reported multiple vulnerabilities to CERT-In and CBSE, including alleged issues related to password validation, OTP authentication, and database leak, but says only limited action was taken after weeks. CBSE has publicly denied some of the allegations.
