diff --git a/internal/ui/proxy.go b/internal/ui/proxy.go
index 1af18ec1..110aeb5a 100644
--- a/internal/ui/proxy.go
+++ b/internal/ui/proxy.go
@@ -10,6 +10,7 @@ import (
 "errors"
 "log/slog"
 "net/http"
+ "net/url"
 "time"
 "miniflux.app/v2/internal/config"
@@ -54,6 +55,27 @@ func (h *handler) mediaProxy(w http.ResponseWriter, r *http.Request) {
 return
 }
+ u, err := url.Parse(string(decodedURL))
+ if err != nil {
+ html.BadRequest(w, r, errors.New("invalid URL provided"))
+ return
+ }
+
+ if u.Scheme != "http" && u.Scheme != "https" {
+ html.BadRequest(w, r, errors.New("invalid URL provided"))
+ return
+ }
+
+ if u.Host == "" {
+ html.BadRequest(w, r, errors.New("invalid URL provided"))
+ return
+ }
+
+ if !u.IsAbs() {
+ html.BadRequest(w, r, errors.New("invalid URL provided"))
+ return
+ }
+
 mediaURL := string(decodedURL)
 slog.Debug("MediaProxy: Fetching remote resource",
 slog.String("media_url", mediaURL),
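Review bot: The new checks in mediaProxy accept any `http`/`https` URL with a non-empty `Host`, so a URL naming a loopback, private or link-local address still reaches the fetch that follows `mediaURL := string(decodedURL)`. If the intent is to limit server-side requests, the destination also has to be checked, preferably at connect time in the HTTP client's dialer so that DNS changes and redirects are covered; the client is outside this hunk and may already do this. Within the hunk, `u.Host == ""` passes a value such as `http://:80/` (constructed example) because `Host` is then `:80`, so `if u.Hostname() == "" {` is the stricter test. The `!u.IsAbs()` branch cannot be reached after the scheme check, since `IsAbs` only reports whether the scheme is non-empty. mediaProxy's body starts and ends outside the hunk.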