diff --git a/framework/core/src/Core/Command/RequestPasswordResetHandler.php b/framework/core/src/Core/Command/RequestPasswordResetHandler.php
index 3fafe078e..da0833730 100644
--- a/framework/core/src/Core/Command/RequestPasswordResetHandler.php
+++ b/framework/core/src/Core/Command/RequestPasswordResetHandler.php
@@ -16,6 +16,8 @@ use Flarum\Core\Repository\UserRepository;
 use Flarum\Forum\UrlGenerator;
 use Flarum\Settings\SettingsRepositoryInterface;
 use Illuminate\Contracts\Mail\Mailer;
+use Illuminate\Contracts\Validation\Factory;
+use Illuminate\Contracts\Validation\ValidationException;
 use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Illuminate\Mail\Message;
 use Symfony\Component\Translation\TranslatorInterface;
@@ -47,20 +49,33 @@ class RequestPasswordResetHandler
      */
     protected $translator;
 
+    /**
+     * @var Factory
+     */
+    protected $validatorFactory;
+
     /**
      * @param UserRepository $users
      * @param SettingsRepositoryInterface $settings
      * @param Mailer $mailer
      * @param UrlGenerator $url
      * @param TranslatorInterface $translator
+     * @param Factory $validatorFactory
      */
-    public function __construct(UserRepository $users, SettingsRepositoryInterface $settings, Mailer $mailer, UrlGenerator $url, TranslatorInterface $translator)
-    {
+    public function __construct(
+        UserRepository $users,
+        SettingsRepositoryInterface $settings,
+        Mailer $mailer,
+        UrlGenerator $url,
+        TranslatorInterface $translator,
+        Factory $validatorFactory
+    ) {
         $this->users = $users;
         $this->settings = $settings;
         $this->mailer = $mailer;
         $this->url = $url;
         $this->translator = $translator;
+        $this->validatorFactory = $validatorFactory;
     }
 
     /**
@@ -70,7 +85,18 @@ class RequestPasswordResetHandler
      */
     public function handle(RequestPasswordReset $command)
     {
-        $user = $this->users->findByEmail($command->email);
+        $email = $command->email;
+
+        $validation = $this->validatorFactory->make(
+            compact('email'),
+            ['email' => 'required|email']
+        );
+
+        if ($validation->fails()) {
+            throw new ValidationException($validation);
+        }
+
+        $user = $this->users->findByEmail($email);
 
         if (! $user) {
             throw new ModelNotFoundException;