diff --git a/app/src/Server.js b/app/src/Server.js
index 27259265..a093cadd 100644
--- a/app/src/Server.js
+++ b/app/src/Server.js
@@ -64,7 +64,7 @@ dev dependencies: {
  * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
  * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
  * @author  Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.9.32
+ * @version 1.9.33
  *
  */
 
@@ -871,7 +871,13 @@ function startServer() {
         const ip = getIP(req);
         log.debug(`Request login to host from: ${ip}`, req.body);
 
-        const { username, password } = checkXSS(req.body);
+        const safeBody = checkXSS(req.body) || {};
+        const { username, password } = safeBody;
+
+        if (!username || !password) {
+            log.warn('Login failed: missing username or password', req.body);
+            return res.status(400).json({ message: 'Missing username or password' });
+        }
 
         const isPeerValid = await isAuthPeer(username, password);
 
diff --git a/package-lock.json b/package-lock.json
index 2b54a8a3..dcabe48c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
     "name": "mirotalksfu",
-    "version": "1.9.32",
+    "version": "1.9.33",
     "lockfileVersion": 3,
     "requires": true,
     "packages": {
         "": {
             "name": "mirotalksfu",
-            "version": "1.9.32",
+            "version": "1.9.33",
             "license": "AGPL-3.0",
             "dependencies": {
                 "@aws-sdk/client-s3": "^3.864.0",
diff --git a/package.json b/package.json
index 4f8dfb42..8434175d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "mirotalksfu",
-    "version": "1.9.32",
+    "version": "1.9.33",
     "description": "WebRTC SFU browser-based video calls",
     "main": "Server.js",
     "scripts": {
diff --git a/public/js/Brand.js b/public/js/Brand.js
index c36a7e0a..e7209059 100644
--- a/public/js/Brand.js
+++ b/public/js/Brand.js
@@ -110,7 +110,7 @@ let BRAND = {
     },
     about: {
         imageUrl: '../images/mirotalk-logo.gif',
-        title: '<strong>WebRTC SFU v1.9.32</strong>',
+        title: '<strong>WebRTC SFU v1.9.33</strong>',
         html: `
             <button 
                 id="support-button" 
diff --git a/public/js/Room.js b/public/js/Room.js
index f19f7eb1..5f890e00 100644
--- a/public/js/Room.js
+++ b/public/js/Room.js
@@ -11,7 +11,7 @@ if (location.href.substr(0, 5) !== 'https') location.href = 'https' + location.h
  * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
  * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
  * @author  Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.9.32
+ * @version 1.9.33
  *
  */
 
@@ -5543,7 +5543,7 @@ function showAbout() {
         position: 'center',
         imageUrl: BRAND.about?.imageUrl && BRAND.about.imageUrl.trim() !== '' ? BRAND.about.imageUrl : image.about,
         customClass: { image: 'img-about' },
-        title: BRAND.about?.title && BRAND.about.title.trim() !== '' ? BRAND.about.title : 'WebRTC SFU v1.9.32',
+        title: BRAND.about?.title && BRAND.about.title.trim() !== '' ? BRAND.about.title : 'WebRTC SFU v1.9.33',
         html: `
             <br />
             <div id="about">
diff --git a/public/js/RoomClient.js b/public/js/RoomClient.js
index 5de85244..56cd4195 100644
--- a/public/js/RoomClient.js
+++ b/public/js/RoomClient.js
@@ -9,7 +9,7 @@
  * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
  * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
  * @author  Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.9.32
+ * @version 1.9.33
  *
  */