diff --git a/src/Http/Controllers/CP/Assets/AssetsController.php b/src/Http/Controllers/CP/Assets/AssetsController.php
index 60ea736109..83460f08ec 100644
--- a/src/Http/Controllers/CP/Assets/AssetsController.php
+++ b/src/Http/Controllers/CP/Assets/AssetsController.php
@@ -42,6 +42,8 @@ public function show($asset)
     {
         $asset = Asset::find(base64_decode($asset));
 
+        abort_if(! $asset, 404);
+
         // TODO: Auth
 
         return new AssetResource($asset);
@@ -132,6 +134,8 @@ public function download($asset)
     {
         $asset = Asset::find(base64_decode($asset));
 
+        abort_if(! $asset, 404);
+
         // TODO: Auth
 
         return $asset->download();