diff --git a/src/layouts/sidebar-sidecar/server.ts b/src/layouts/sidebar-sidecar/server.ts
index 9aa7cab6bd..9a99e1da3c 100644
--- a/src/layouts/sidebar-sidecar/server.ts
+++ b/src/layouts/sidebar-sidecar/server.ts
@@ -18,6 +18,8 @@ import {
   generateTopLevelSidebarNavData,
 } from 'components/sidebar/helpers'
 
+import { isInvalidURI } from './utils/is-invalid-uri'
+
 /**
  * @TODO update the basePaths inside of `src/data/${productSLug}.json` files to
  * be arrays of objects that look like:
@@ -118,6 +120,13 @@ export function getStaticGenerationFunctions<
       const pathParts = (ctx.params.page || []) as string[]
       const headings = [] // populated by anchorLinks plugin below
 
+      // catch invalid URIs early
+      if (isInvalidURI(pathParts.join('/'))) {
+        return {
+          notFound: true,
+        }
+      }
+
       const loader = getLoader({
         mainBranch,
         remarkPlugins: [
diff --git a/src/layouts/sidebar-sidecar/utils/__tests__/is-invalid-uri.test.ts b/src/layouts/sidebar-sidecar/utils/__tests__/is-invalid-uri.test.ts
new file mode 100644
index 0000000000..8d6c409b7d
--- /dev/null
+++ b/src/layouts/sidebar-sidecar/utils/__tests__/is-invalid-uri.test.ts
@@ -0,0 +1,14 @@
+import { isInvalidURI } from '../is-invalid-uri'
+
+describe('isInvalidURI', () => {
+  it.each([
+    ['/docs/upgrade', false],
+    ['foo/bar%23anchor', false],
+    [
+      "/docs/upgrade%25'%20AND%202*3*8=6*8%20AND%20'zVVl'!='zVVl%25/upgrade-specific",
+      true,
+    ],
+  ])('given `%s`, returns `%s`', (a, expected) => {
+    expect(isInvalidURI(a)).toBe(expected)
+  })
+})
diff --git a/src/layouts/sidebar-sidecar/utils/is-invalid-uri.ts b/src/layouts/sidebar-sidecar/utils/is-invalid-uri.ts
new file mode 100644
index 0000000000..c62c4d65ed
--- /dev/null
+++ b/src/layouts/sidebar-sidecar/utils/is-invalid-uri.ts
@@ -0,0 +1,12 @@
+/** matches any whitespace or % */
+const RE = /(\s|%)/gi
+/** decodes a URI once, and returns if it is invalid */
+export const isInvalidURI = (uri: string) => {
+  try {
+    const res = decodeURIComponent(uri)
+    return !!res.match(RE)
+  } catch (err) {
+    console.warn(err.message, uri)
+    return true
+  }
+}