diff --git a/frontend/src/routes/aktivitaeten/+page.server.ts b/frontend/src/routes/aktivitaeten/+page.server.ts
index 940cedb6..aacab562 100644
--- a/frontend/src/routes/aktivitaeten/+page.server.ts
+++ b/frontend/src/routes/aktivitaeten/+page.server.ts
@@ -71,7 +71,8 @@ export async function load({ fetch, url }) {
 export const actions = {
 	'dismiss-notification': async ({ request, fetch }) => {
 		const data = await request.formData();
-		const notificationId = data.get('notificationId') as string;
+		const notificationId = data.get('notificationId') as string | null;
+		if (!notificationId) return fail(400, { error: 'Ungültige Benachrichtigungs-ID' });
 		const api = createApiClient(fetch);
 		const result = await api.PATCH('/api/notifications/{id}/read', {
 			params: { path: { id: notificationId } }
diff --git a/frontend/src/routes/aktivitaeten/page.server.spec.ts b/frontend/src/routes/aktivitaeten/page.server.spec.ts
index fbff2670..63ee881b 100644
--- a/frontend/src/routes/aktivitaeten/page.server.spec.ts
+++ b/frontend/src/routes/aktivitaeten/page.server.spec.ts
@@ -185,6 +185,13 @@ function makeActionEvent(formData: FormData): any {
 }
 
 describe('aktivitaeten/actions — dismiss-notification', () => {
+	it('returns fail(400, { error }) and does NOT call PATCH when notificationId is missing', async () => {
+		const result = await actions['dismiss-notification'](makeActionEvent(new FormData()));
+
+		expect(result).toMatchObject({ status: 400 });
+		expect(mockApi.PATCH).not.toHaveBeenCalled();
+	});
+
 	it('calls PATCH /api/notifications/{id}/read with the form-supplied notificationId', async () => {
 		mockApi.PATCH.mockResolvedValue({ response: { ok: true }, data: {} });
 		const fd = new FormData();