diff --git a/src/vaadin-upload.html b/src/vaadin-upload.html
index ee58fd6..0eb9689 100644
--- a/src/vaadin-upload.html
+++ b/src/vaadin-upload.html
@@ -754,7 +754,10 @@
             return;
           }
           const fileExt = file.name.match(/\.[^\.]*$|$/)[0];
-          const re = new RegExp('^(' + this.accept.replace(/[, ]+/g, '|').replace(/\/\*/g, '/.*') + ')$', 'i');
+          // Escape regex operators common to mime types
+          const escapedAccept = this.accept.replace(/[+.]/g, '\\$&');
+          // Create accept regex that can match comma separated patterns, star (*) wildcards
+          const re = new RegExp(`^(${escapedAccept.replace(/[, ]+/g, '|').replace(/\/\*/g, '/.*')})$`, 'i');
           if (this.accept && !(re.test(file.type) || re.test(fileExt))) {
             this.dispatchEvent(
               new CustomEvent('file-reject', {
diff --git a/test/adding-files.html b/test/adding-files.html
index a37b8eb..3f6707b 100644
--- a/test/adding-files.html
+++ b/test/adding-files.html
@@ -321,6 +321,20 @@
           upload._addFiles([file]);
           expect(upload.files.length).to.equal(1);
         });
+
+        it('should allow files when using regex operators in accept string', () => {
+          file = createFile(testFileSize, 'image/svg+xml');
+          upload.accept = 'image/svg+xml';
+          upload._addFiles([file]);
+          expect(upload.files.length).to.equal(1);
+        });
+
+        it('should reject files when accept contains regex single character wildcard and file type is not an exact match', () => {
+          file = createFile(testFileSize, 'application/vndxms-excel');
+          upload.accept = 'application/vnd.ms-excel';
+          upload._addFiles([file]);
+          expect(upload.files.length).to.equal(0);
+        });
       });
 
     });