diff --git a/server/routers/user/inviteUser.ts b/server/routers/user/inviteUser.ts
index f35fa785..1cae46c9 100644
--- a/server/routers/user/inviteUser.ts
+++ b/server/routers/user/inviteUser.ts
@@ -1,7 +1,7 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import { db } from "@server/db";
-import { orgs, userInvites, userOrgs, users } from "@server/db";
+import { orgs, roles, userInvites, userOrgs, users } from "@server/db";
 import { and, eq } from "drizzle-orm";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
@@ -109,6 +109,27 @@ export async function inviteUser(
 );
 }
+ // Validate that the roleId belongs to the target organization
+ const [role] = await db
+ .select()
+ .from(roles)
+ .where(
+ and(
+ eq(roles.roleId, roleId),
+ eq(roles.orgId, orgId)
+ )
+ )
+ .limit(1);
+ if (!role) {
+ return next(
+ createHttpError(
+ HttpCode.BAD_REQUEST,
+ "Invalid role ID or role does not belong to this organization"
+ )
+ );
+ }
+
 if (build == "saas") {
 const usage = await usageService.getUsage(orgId, FeatureId.USERS);
 if (!usage) {
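Review bot: The new lookup in the second hunk closes the cross-org hole (a `roleId` from another organization is now rejected), but it does not establish that the caller is permitted to grant that particular role, so an inviter could still hand out the org's most privileged role unless an upstream middleware enforces that — nothing in this hunk shows one, and `inviteUser` starts before the hunk. If no such check exists, compare the resolved `role` against the caller's own role (or its admin flag, whatever the `roles` schema exposes) before proceeding and fail with `HttpCode.FORBIDDEN` rather than `BAD_REQUEST`, since the request is well-formed but unauthorized. The bare `.select()` also pulls every column when the code only tests existence; `.select({ roleId: roles.roleId })` keeps the query minimal and makes it obvious no other field is relied on. Whichever way it goes, the inline comment should state the boundary of this check, e.g. `// Scope roleId to this org (blocks cross-org role assignment); whether the caller may grant this role is enforced elsewhere — verify`.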