Endpoint/Controllers/Configuration/SetupController.cs

@@ -70,7 +70,17 @@ public class SetupController(
     [HttpGet("CheckToken")]
     public ActionResult<bool> CheckToken([FromQuery] string token)
     {
-        if (!setupToken.MatchToken(Convert.FromBase64String(token)))
+        byte[] tokenBase64;
+        try
+        {
+            tokenBase64 = Convert.FromBase64String(token);
+        }
+        catch (FormatException)
+        {
+            throw new ControllerArgumentException("A token of the wrong format.");
+        }
+
+        if (!setupToken.MatchToken(tokenBase64))
             return Unauthorized("The token is not valid");
 
         Response.Cookies.Append(TokenAuthenticationAttribute.AuthToken, token, new CookieOptions