diff --git a/src/main/kotlin/mdnet/base/server/ImageServer.kt b/src/main/kotlin/mdnet/base/server/ImageServer.kt
index aebc2aa..5234389 100644
--- a/src/main/kotlin/mdnet/base/server/ImageServer.kt
+++ b/src/main/kotlin/mdnet/base/server/ImageServer.kt
@@ -95,6 +95,10 @@ class ImageServer(
 if (tokenized || serverSettings.forceTokens) {
 val tokenArr = Base64.getUrlDecoder().decode(Path.of("token")(request))
+ if (tokenArr.size < 24) {
+ LOGGER.info { "Request for $sanitizedUri rejected for invalid token" }
+ return@then Response(Status.FORBIDDEN)
+ }
 val token = try {
 JACKSON.readValue(
 try {
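Review bot: The `Base64.getUrlDecoder().decode(...)` call on the line just above the new length check throws `IllegalArgumentException` on malformed Base64, so a garbage token never reaches the new 403 path and, unless a handler outside this hunk catches it, surfaces as an unhandled error instead of a clean rejection. Wrapping the decode in a `try` with `catch (e: IllegalArgumentException) { return@then Response(Status.FORBIDDEN) }` would make both kinds of invalid token behave the same. The literal `24` in `tokenArr.size < 24` is also unexplained; it is presumably the length of a fixed prefix (such as a nonce) that the parsing below expects, and a named constant or a short comment stating that would keep the check in step with the code that slices the array. The enclosing handler lambda starts and ends outside the hunk, so the surrounding error handling is not visible here.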