diff --git a/app/controllers/invitations_controller.rb b/app/controllers/invitations_controller.rb
index fb4964b26..89ec7788b 100644
--- a/app/controllers/invitations_controller.rb
+++ b/app/controllers/invitations_controller.rb
@@ -88,6 +88,7 @@ def cancel_meeting
 
   def set_invitation
     @invitation = Invitation.find_by(token: params[:token])
+    raise ActionController::RoutingError, 'Invitation not found' unless @invitation
   end
 
   def load_invitation
diff --git a/spec/controllers/invitations_controller_spec.rb b/spec/controllers/invitations_controller_spec.rb
new file mode 100644
index 000000000..830cce365
--- /dev/null
+++ b/spec/controllers/invitations_controller_spec.rb
@@ -0,0 +1,30 @@
+RSpec.describe InvitationsController do
+  let(:event) { Fabricate(:event) }
+
+  describe 'GET #show' do
+    context 'with invalid token' do
+      it 'returns http not found' do
+        get :show, params: { event_id: event.id, token: 'invalid_token' }
+        expect(response).to have_http_status(:not_found)
+      end
+    end
+  end
+
+  describe 'POST #attend' do
+    context 'with invalid token' do
+      it 'returns http not found' do
+        post :attend, params: { event_id: event.id, token: 'invalid_token' }
+        expect(response).to have_http_status(:not_found)
+      end
+    end
+  end
+
+  describe 'POST #reject' do
+    context 'with invalid token' do
+      it 'returns http not found' do
+        post :reject, params: { event_id: event.id, token: 'invalid_token' }
+        expect(response).to have_http_status(:not_found)
+      end
+    end
+  end
+end