diff --git a/lib/private/Security/RemoteHostValidator.php b/lib/private/Security/RemoteHostValidator.php
index e48bd86247256..dc6fdaf222a44 100644
--- a/lib/private/Security/RemoteHostValidator.php
+++ b/lib/private/Security/RemoteHostValidator.php
@@ -60,6 +60,10 @@ public function isValid(string $host): bool {
 		}
 
 		$host = idn_to_utf8(strtolower(urldecode($host)));
+		if ($host === false) {
+			return false;
+		}
+
 		// Remove brackets from IPv6 addresses
 		if (strpos($host, '[') === 0 && substr($host, -1) === ']') {
 			$host = substr($host, 1, -1);
diff --git a/tests/lib/Http/Client/ClientTest.php b/tests/lib/Http/Client/ClientTest.php
index e48e237e0cc7a..4d937b6c0f20c 100644
--- a/tests/lib/Http/Client/ClientTest.php
+++ b/tests/lib/Http/Client/ClientTest.php
@@ -148,6 +148,7 @@ public function dataPreventLocalAddress():array {
 			['https://service.localhost'],
 			['!@#$', true], // test invalid url
 			['https://normal.host.com'],
+			['https://com.one-.nextcloud-one.com'],
 		];
 	}
 
diff --git a/tests/lib/Security/RemoteHostValidatorTest.php b/tests/lib/Security/RemoteHostValidatorTest.php
index 030a75b1e79ec..b1371d9343c39 100644
--- a/tests/lib/Security/RemoteHostValidatorTest.php
+++ b/tests/lib/Security/RemoteHostValidatorTest.php
@@ -60,8 +60,17 @@ protected function setUp(): void {
 		);
 	}
 
-	public function testValid(): void {
-		$host = 'nextcloud.com';
+	public function dataValid(): array {
+		return [
+			['nextcloud.com', true],
+			['com.one-.nextcloud-one.com', false],
+		];
+	}
+
+	/**
+	 * @dataProvider dataValid
+	 */
+	public function testValid(string $host, bool $expected): void {
 		$this->hostnameClassifier
 			->method('isLocalHostname')
 			->with($host)
@@ -73,7 +82,7 @@ public function testValid(): void {
 
 		$valid = $this->validator->isValid($host);
 
-		self::assertTrue($valid);
+		self::assertSame($expected, $valid);
 	}
 
 	public function testLocalHostname(): void {