diff --git a/backend/internal/api/handlers/crowdsec_whitelist_handler_test.go b/backend/internal/api/handlers/crowdsec_whitelist_handler_test.go
index 7f603dea..59760760 100644
--- a/backend/internal/api/handlers/crowdsec_whitelist_handler_test.go
+++ b/backend/internal/api/handlers/crowdsec_whitelist_handler_test.go
@@ -265,3 +265,20 @@ func TestDeleteWhitelist_ReloadFailure(t *testing.T) {
 	assert.Equal(t, http.StatusNoContent, w.Code)
 	assert.True(t, mock.reloadCalled)
 }
+
+func TestDeleteWhitelist_EmptyUUID(t *testing.T) {
+	t.Parallel()
+	h, _, _ := setupWhitelistHandler(t)
+
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+	c.Request = httptest.NewRequest(http.MethodDelete, "/api/v1/admin/crowdsec/whitelist/", nil)
+	c.Params = gin.Params{{Key: "uuid", Value: ""}}
+
+	h.DeleteWhitelist(c)
+
+	assert.Equal(t, http.StatusBadRequest, w.Code)
+	var resp map[string]interface{}
+	require.NoError(t, json.Unmarshal(w.Body.Bytes(), &resp))
+	assert.Equal(t, "uuid is required", resp["error"])
+}
diff --git a/backend/internal/services/crowdsec_whitelist_service_test.go b/backend/internal/services/crowdsec_whitelist_service_test.go
index 1d1d0cf0..4fbea4cf 100644
--- a/backend/internal/services/crowdsec_whitelist_service_test.go
+++ b/backend/internal/services/crowdsec_whitelist_service_test.go
@@ -300,3 +300,10 @@ func TestCrowdSecWhitelistService_WriteYAML_RenameError(t *testing.T) {
 	assert.Error(t, err)
 	assert.Contains(t, err.Error(), "rename")
 }
+
+func TestCrowdSecWhitelistService_Add_InvalidCIDR(t *testing.T) {
+	t.Parallel()
+	svc := services.NewCrowdSecWhitelistService(openWhitelistTestDB(t), "")
+	_, err := svc.Add(context.Background(), "not-an-ip/24", "invalid cidr with slash")
+	assert.ErrorIs(t, err, services.ErrInvalidIPOrCIDR)
+}