diff --git a/src/api/endpoints/drive/files/update.js b/src/api/endpoints/drive/files/update.js
index 3ec9e5a73d..612d380955 100644
--- a/src/api/endpoints/drive/files/update.js
+++ b/src/api/endpoints/drive/files/update.js
@@ -26,6 +26,11 @@ module.exports = (params, user) =>
 		return rej('file_id is required');
 	}
 
+	// Validate id
+	if (!mongo.ObjectID.isValid(fileId)) {
+		return rej('incorrect file_id');
+	}
+
 	const file = await DriveFile
 		.findOne({
 			_id: new mongo.ObjectID(fileId),