diff --git a/packages/strapi-generate-api/templates/mongoose/controller.template b/packages/strapi-generate-api/templates/mongoose/controller.template
index 599c0b6e98..ecfa5b4d5e 100755
--- a/packages/strapi-generate-api/templates/mongoose/controller.template
+++ b/packages/strapi-generate-api/templates/mongoose/controller.template
@@ -28,6 +28,10 @@ module.exports = {
 */
 
 findOne: async (ctx) => {
+ if (!ctx.params._id.match(/^[0-9a-fA-F]{24}$/)) {
+ return ctx.notFound();
+ }
+
 const data = await strapi.services.<%= id %>.fetch(ctx.params);
 
 // Send 200 `ok`
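Review bot: The added guard in `findOne` calls `.match()` directly on `ctx.params._id`, so if that parameter is absent or not a string (for instance a route declared with a different parameter name) the check itself throws a TypeError and the request ends as a 500 rather than the intended 404. Testing the type first keeps the rejection path total: `if (typeof ctx.params._id !== 'string' || !/^[0-9a-fA-F]{24}$/.test(ctx.params._id)) {`. The other handlers in this template that accept an `_id` are not visible here; if they hand it to the service unchecked, they presumably need the same validation so malformed ids are rejected consistently. A short comment above the check, such as `// Reject ids that are not 24-hex ObjectIds before they reach the service`, would record why it exists. The body of `findOne` continues past the end of this hunk.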