diff --git a/conn.go b/conn.go
index 727a5cad..b6e03268 100644
--- a/conn.go
+++ b/conn.go
@@ -80,9 +80,11 @@ type Upload struct {
 var uploadStatusStr = "ProgrammerStatus"
 
 func uploadHandler(c *gin.Context) {
-
 	data := new(Upload)
-	c.BindJSON(data)
+	if err := c.BindJSON(data); err != nil {
+		c.String(http.StatusBadRequest, fmt.Sprintf("err with the payload. %v", err.Error()))
+		return
+	}
 
 	log.Printf("%+v %+v %+v %+v %+v %+v", data.Port, data.Board, data.Rewrite, data.Commandline, data.Extra, data.Filename)
 
diff --git a/main_test.go b/main_test.go
index 56855695..d6f23fce 100644
--- a/main_test.go
+++ b/main_test.go
@@ -18,6 +18,7 @@ package main
 import (
 	"bytes"
 	"crypto/x509"
+	"encoding/base64"
 	"encoding/json"
 	"encoding/pem"
 	"fmt"
@@ -87,6 +88,30 @@ func TestUploadHandlerAgainstEvilFileNames(t *testing.T) {
 	}
 }
 
+func TestUploadHandlerAgainstBase64WithoutPaddingMustFail(t *testing.T) {
+	r := gin.New()
+	r.POST("/", uploadHandler)
+	ts := httptest.NewServer(r)
+	defer ts.Close()
+
+	// When calling the `BindJSON` func, when a json field will be Unmarshaled
+	// in a []byte type, we expect to receive a base64 padded string in input.
+	// In case we receive a base64 unpadded string BindJSON fails.
+	// The expectation here is that the upload handler won't continue with the
+	// upload operation.
+	base64ContentWithoutPadding := base64.RawStdEncoding.EncodeToString([]byte("test"))
+	payload := fmt.Sprintf(`{"hex": "%s"}`, base64ContentWithoutPadding)
+
+	resp, err := http.Post(ts.URL, "encoding/json", bytes.NewBufferString(payload))
+	require.NoError(t, err)
+	require.Equal(t, http.StatusBadRequest, resp.StatusCode)
+
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+	require.NoError(t, err)
+	require.Contains(t, string(body), "err with the payload. illegal base64 data at input")
+}
+
 func TestInstallToolV2(t *testing.T) {
 
 	indexURL := "https://downloads.arduino.cc/packages/package_index.json"

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>pFad - Phonifier reborn</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
</head>
<body>
<h1>Pfad - The Proxy pFad of &#169; 2024 Garber Painting. All rights reserved.</h1>


<!-- Disclaimer -->
<p>Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.</p>
<br>
<p>Alternative Proxies:</p><p><a href="http://rainy.clevelandohioweatherforecast.com/php-proxy/index.php?q=https://patch-diff.githubusercontent.com/raw/arduino/arduino-create-agent/pull/999.diff" target="_blank">Alternative Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/index.php?u=https://patch-diff.githubusercontent.com/raw/arduino/arduino-create-agent/pull/999.diff" target="_blank">pFad Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v3index.php?u=https://patch-diff.githubusercontent.com/raw/arduino/arduino-create-agent/pull/999.diff" target="_blank">pFad v3 Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v4index.php?u=https://patch-diff.githubusercontent.com/raw/arduino/arduino-create-agent/pull/999.diff" target="_blank">pFad v4 Proxy</a></p></body>
</html>