diff --git a/internal/server.go b/internal/server.go
index c5d787822993fb4369e51954162279a6b6b28f90..f37998a33e8454e0891365a4f626dbaadc13958b 100644
--- a/internal/server.go
+++ b/internal/server.go
@@ -338,6 +338,11 @@ func reportBug(w http.ResponseWriter, r *http.Request) {
 		fmt.Fprint(w, "Invaild Request")
 		return
 	}
+	/* Prevent field injection (assuming no injection in user.Name is possible) */
+	if strings.ContainsRune(subject, '\n') {
+		w.WriteHeader(http.StatusBadRequest)
+		fmt.Fprint(w, "Invaild Request")
+	}
 
 	/* Try to dispatch bugreport */
 	if err = BRDispatchBugreport(&user, subject, content); err != nil {