diff --git a/src/server/Master.ts b/src/server/Master.ts
index 388aba19c..3a131b12e 100644
--- a/src/server/Master.ts
+++ b/src/server/Master.ts
@@ -5,7 +5,7 @@ import http from "http";
 import path from "path";
 import { fileURLToPath } from "url";
 import { getServerConfigFromServer } from "../core/configuration/ConfigLoader";
-import { GameInfo } from "../core/Schemas";
+import { GameInfo, ID } from "../core/Schemas";
 import { generateID } from "../core/Util";
 import { gatekeeper, LimiterType } from "./Gatekeeper";
 import { logger } from "./Logger";
@@ -170,6 +170,11 @@ app.post(
 
     const { gameID, clientID } = req.params;
 
+    if (!ID.safeParse(gameID).success || !ID.safeParse(clientID).success) {
+      res.sendStatus(400);
+      return;
+    }
+
     try {
       const response = await fetch(
         `http://localhost:${config.workerPort(gameID)}/api/kick_player/${gameID}/${clientID}`,