diff --git a/deluge/ui/web/server.py b/deluge/ui/web/server.py
index e14c89a6d..a02609f53 100644
--- a/deluge/ui/web/server.py
+++ b/deluge/ui/web/server.py
@@ -126,6 +126,10 @@ class Upload(resource.Resource):
 
 
 class Render(resource.Resource):
+    def __init__(self):
+        resource.Resource.__init__(self)
+        # Make a list of all the template files to check requests against.
+        self.template_files = fnmatch.filter(os.listdir(rpath('render')), '*.html')
 
     def getChild(self, path, request):  # NOQA: N802
         request.render_file = path
@@ -136,6 +140,10 @@ class Render(resource.Resource):
             request.setResponseCode(http.INTERNAL_SERVER_ERROR)
             return ''
 
+        if request.render_file not in self.template_files:
+            request.setResponseCode(http.NOT_FOUND)
+            return '<h1>404 - Not Found</h1>'
+
         filename = os.path.join('render', request.render_file)
         template = Template(filename=rpath(filename))
         request.setHeader(b'content-type', b'text/html')