diff --git a/heat/api/middleware/version_negotiation.py b/heat/api/middleware/version_negotiation.py
index ac69ec5fdc..3fc908750c 100644
--- a/heat/api/middleware/version_negotiation.py
+++ b/heat/api/middleware/version_negotiation.py
@@ -41,6 +41,13 @@ class VersionNegotiationFilter(wsgi.Middleware):
 return the correct API controller, otherwise, if we
 find an Accept: header, process it
 """
+
+ # Make sure the request path is valid UTF-8
+ try:
+ req.path
+ except UnicodeDecodeError:
+ return webob.exc.HTTPBadRequest()
+
 # See if a version identifier is in the URI passed to
 # us already. If so, simply return the right version
 # API controller
diff --git a/heat/tests/api/middleware/test_version_negotiation_middleware.py b/heat/tests/api/middleware/test_version_negotiation_middleware.py
index b720d9601e..4a1fe6f790 100644
--- a/heat/tests/api/middleware/test_version_negotiation_middleware.py
+++ b/heat/tests/api/middleware/test_version_negotiation_middleware.py
@@ -136,3 +136,12 @@ class VersionNegotiationMiddlewareTest(common.HeatTestCase):
 response = version_negotiation.process_request(request)
 self.assertIsInstance(response, webob.exc.HTTPNotFound)
+
+ def test_invalid_utf8_path(self):
+ version_negotiation = vn.VersionNegotiationFilter(
+ self._version_controller_factory, None, None)
+ request = webob.Request.blank('/%c0')
+
+ response = version_negotiation.process_request(request)
+
+ self.assertIsInstance(response, webob.exc.HTTPBadRequest)
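Review bot: In the hunk for heat/api/middleware/version_negotiation.py, the bare `req.path` statement works only because reading the property makes webob decode the path, and it reads like a no-op that a linter or a later cleanup could delete, which would presumably bring back the unhandled UnicodeDecodeError this guard is there to stop. I would say so in the comment, e.g. `# Reading req.path forces webob to decode the path; malformed UTF-8 raises here and is answered with 400 instead of escaping as an unhandled error.` The rejection is also silent: a debug log line before the `return` (if this module has a logger, which the hunk does not show) would let operators see requests with malformed paths. The enclosing method starts and ends outside the hunk, so whether later code decodes other parts of the request cannot be judged from here.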
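Review bot: test_invalid_utf8_path in heat/tests/api/middleware/test_version_negotiation_middleware.py does not say why `'/%c0'` is the chosen input, so a reader has to work out that it is an undecodable path. A one-line comment above the `webob.Request.blank` call would do, e.g. `# %c0 percent-decodes to byte 0xC0, which can never appear in valid UTF-8`. A short docstring stating that the middleware must answer 400 rather than let the decode error propagate would also tie the test to the guard it protects.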