diff --git a/tests/device_tests/test_msg_signtx_replacement.py b/tests/device_tests/test_msg_signtx_replacement.py
index a91090997..a610ae80c 100644
--- a/tests/device_tests/test_msg_signtx_replacement.py
+++ b/tests/device_tests/test_msg_signtx_replacement.py
@@ -1076,3 +1076,52 @@ def test_p2wpkh_invalid_signature(client):
             lock_time=1348713,
             prev_txes=prev_txes,
         )
+
+
+def test_p2tr_invalid_signature(client):
+    # Ensure that transaction replacement fails when the original signature is invalid.
+
+    inp1 = messages.TxInputType(
+        # tb1p8tvmvsvhsee73rhym86wt435qrqm92psfsyhy6a3n5gw455znnpqm8wald
+        address_n=parse_path("86'/1'/0'/0/1"),
+        amount=13000,
+        orig_hash=TXHASH_8e4af7,
+        orig_index=0,
+        prev_hash=TXHASH_a4e274,
+        prev_index=1,
+        script_type=messages.InputScriptType.SPENDTAPROOT,
+    )
+    inp2 = messages.TxInputType(
+        # tb1pswrqtykue8r89t9u4rprjs0gt4qzkdfuursfnvqaa3f2yql07zmq8s8a5u
+        address_n=parse_path("86'/1'/0'/0/0"),
+        amount=6800,
+        orig_hash=TXHASH_8e4af7,
+        orig_index=1,
+        prev_hash=TXHASH_ccd7ea,
+        prev_index=0,
+        script_type=messages.InputScriptType.SPENDTAPROOT,
+    )
+    out1 = messages.TxOutputType(
+        address="tb1qq0rurzt04d76hk7pjxhqggk7ad4zj7c9u369kt",
+        amount=15000,
+        orig_hash=TXHASH_8e4af7,
+        orig_index=0,
+        script_type=messages.OutputScriptType.PAYTOADDRESS,
+    )
+    out2 = messages.TxOutputType(
+        # tb1pn2d0yjeedavnkd8z8lhm566p0f2utm3lgvxrsdehnl94y34txmts5s7t4c
+        address_n=parse_path("86'/1'/0'/1/0"),
+        amount=4600 - 250,  # bump the fee by 250
+        orig_hash=TXHASH_8e4af7,
+        orig_index=1,
+        script_type=messages.OutputScriptType.PAYTOTAPROOT,
+    )
+
+    # Invalidate the signature in the original witness.
+    prev_tx_invalid = TX_CACHE_TESTNET[TXHASH_8e4af7]
+    prev_tx_invalid.inputs[0].witness = bytearray(prev_tx_invalid.inputs[0].witness)
+    prev_tx_invalid.inputs[0].witness[10] ^= 1
+    prev_txes = {TXHASH_8e4af7: prev_tx_invalid}
+
+    with pytest.raises(TrezorFailure, match="Invalid signature"):
+        btc.sign_tx(client, "Testnet", [inp1, inp2], [out1, out2], prev_txes=prev_txes)
diff --git a/tests/ui_tests/fixtures.json b/tests/ui_tests/fixtures.json
index af2066d93..dd444134c 100644
--- a/tests/ui_tests/fixtures.json
+++ b/tests/ui_tests/fixtures.json
@@ -691,6 +691,7 @@
 "test_msg_signtx_replacement.py::test_attack_steal_change": "04ba3e05862eef616957f9f0c67f7a1d841a3bc7278c5fd999dfba4ebeee5314",
 "test_msg_signtx_replacement.py::test_p2pkh_fee_bump": "9521ab8dcf72d514103ec16410e3ad7d8e384084c3a645178ab191315911cd13",
 "test_msg_signtx_replacement.py::test_p2tr_fee_bump": "d2adcdaf62181c703628e355ba84ff979a81426429ee487c0059a9f161fbeb25",
+"test_msg_signtx_replacement.py::test_p2tr_invalid_signature": "d2adcdaf62181c703628e355ba84ff979a81426429ee487c0059a9f161fbeb25",
 "test_msg_signtx_replacement.py::test_p2wpkh_finalize": "66d0c98fe05fab4e77a516434883f81fa9516464373374097e91a8e3c278a6b3",
 "test_msg_signtx_replacement.py::test_p2wpkh_in_p2sh_fee_bump_from_external": "d3d97e310fb2d1d29b351bdc35b359aab75b4bba7afd257eb85100031edaacbf",
 "test_msg_signtx_replacement.py::test_p2wpkh_in_p2sh_remove_change": "ae9e7bc83227cf6187fb5c689515b66da7bf8fcc58a43128389f6eb7ab35240d",