diff --git a/modules/backend/classes/Controller.php b/modules/backend/classes/Controller.php
index cabaefd3d..ddee7a36a 100644
--- a/modules/backend/classes/Controller.php
+++ b/modules/backend/classes/Controller.php
@@ -691,6 +691,10 @@ class Controller extends Extendable
 $token = Request::input('_token') ?: Request::header('X-CSRF-TOKEN');
+ if (!strlen($token)) {
+ return false;
+ }
+
 return hash_equals(
 Session::token(),
 $token
diff --git a/modules/cms/classes/Controller.php b/modules/cms/classes/Controller.php
index 971da3f41..dc67dce66 100644
--- a/modules/cms/classes/Controller.php
+++ b/modules/cms/classes/Controller.php
@@ -1379,6 +1379,10 @@ class Controller
 $token = Request::input('_token') ?: Request::header('X-CSRF-TOKEN');
+ if (!strlen($token)) {
+ return false;
+ }
+
 return hash_equals(
 Session::token(),
 $token
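Review bot: The added guard in `modules/backend/classes/Controller.php` calls `strlen($token)` without first checking that `$token` is a string, and the identical hunk in `modules/cms/classes/Controller.php` has the same gap. `Request::input('_token')` can return a non-string value such as an array when the field arrives in array form; `strlen()` then raises a warning on PHP 7 and a `TypeError` on PHP 8, so the request ends in an error response instead of a clean CSRF rejection. I would write the guard as `if (!is_string($token) || $token === '') { return false; }` and put a comment above it such as `// Reject missing or non-string tokens before the constant-time comparison`. The value returned by `Session::token()` is not validated in the visible lines either; if it can be null when no session is active, `hash_equals()` would fail the same way, which is worth confirming. The enclosing method begins and ends outside both hunks.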