diff --git a/aurweb/routers/pkgbase.py b/aurweb/routers/pkgbase.py
index 1bca5ea3..c735f474 100644
--- a/aurweb/routers/pkgbase.py
+++ b/aurweb/routers/pkgbase.py
@@ -286,6 +286,8 @@ async def pkgbase_comment_post(
     if not comment:
         raise HTTPException(status_code=HTTPStatus.BAD_REQUEST)
+    elif request.user.ID != db_comment.UsersID:
+        raise HTTPException(status_code=HTTPStatus.UNAUTHORIZED)
 
     # If the provided comment is different than the record's version,
     # update the db record.
diff --git a/test/test_pkgbase_routes.py b/test/test_pkgbase_routes.py
index 5c44ea47..f6bcf5d7 100644
--- a/test/test_pkgbase_routes.py
+++ b/test/test_pkgbase_routes.py
@@ -467,6 +467,22 @@ def test_pkgbase_comments(client: TestClient, maintainer: User, user: User,
     assert "form" in data
 
 
+def test_pkgbase_comment_edit_unauthorized(client: TestClient,
+                                           user: User,
+                                           maintainer: User,
+                                           package: Package,
+                                           comment: PackageComment):
+    pkgbase = package.PackageBase
+
+    cookies = {"AURSID": maintainer.login(Request(), "testPassword")}
+    with client as request:
+        endp = f"/pkgbase/{pkgbase.Name}/comments/{comment.ID}"
+        response = request.post(endp, data={
+            "comment": "abcd im trying to change this comment."
+        }, cookies=cookies)
+        assert response.status_code == HTTPStatus.UNAUTHORIZED
+
+
 def test_pkgbase_comment_delete(client: TestClient, maintainer: User, user: User,
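Review bot: The ownership check in pkgbase_comment_post is attached as an `elif` to the input-validation branch, so authorization only runs after the request body has passed validation and a non-owner sending an empty comment is told 400 instead of being rejected as not permitted; the authorization decision should come first and stand on its own. I would reorder to `if request.user.ID != db_comment.UsersID:` / `    raise HTTPException(status_code=HTTPStatus.FORBIDDEN)` followed by the existing `if not comment:` block, with the new test's assertion updated to `HTTPStatus.FORBIDDEN` in step. The caller here is already authenticated (the check reads `request.user.ID`), so 403 FORBIDDEN is the accurate status; 401 UNAUTHORIZED signals missing or invalid credentials and can prompt clients to re-authenticate. If privileged accounts are expected to edit other users' comments, this strict ID equality would block them, which is worth confirming against the delete path's rules. The function's signature and the lookup that binds `db_comment` are outside the hunk, so this assumes `db_comment` has already been resolved and 404-checked before this point.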