diff --git a/legacy/firmware/.changelog.d/noissue.security b/legacy/firmware/.changelog.d/noissue.security
new file mode 100644
index 000000000..dc6ae541f
--- /dev/null
+++ b/legacy/firmware/.changelog.d/noissue.security
@@ -0,0 +1 @@
+Ensure that the user is always warned about non-standard paths.
diff --git a/legacy/firmware/signing.c b/legacy/firmware/signing.c
index 7d1e37f84..4071b1914 100644
--- a/legacy/firmware/signing.c
+++ b/legacy/firmware/signing.c
@@ -702,6 +702,14 @@ static bool derive_node(TxInputType *tinput) {
 if (!coin_path_check(coin, tinput->script_type, tinput->address_n_count,
 tinput->address_n, tinput->has_multisig,
 CoinPathCheckLevel_BASIC)) {
+ if (is_replacement) {
+ fsm_sendFailure(
+ FailureType_Failure_ProcessError,
+ _("Non-standard paths not allowed in replacement transactions."));
+ layoutHome();
+ return false;
+ }
+
 if (config_getSafetyCheckLevel() == SafetyCheckLevel_Strict) {
 fsm_sendFailure(FailureType_Failure_DataError, _("Forbidden key path"));
 signing_abort();
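Review bot: The new `is_replacement` rejection in `derive_node` ends with `layoutHome(); return false;`, while the strict-safety branch directly below it calls `signing_abort()` after `fsm_sendFailure`, so two rejections inside the same `coin_path_check` block tear down differently. `signing_abort()` is defined outside this hunk, so it is an assumption that it also resets signing state; if it does, and the caller does not abort when `derive_node` returns false, the replacement rejection would leave that state in place after the failure is reported. I would either call `signing_abort();` in place of `layoutHome();`, or add a comment such as `// caller aborts signing when derive_node() returns false` so the difference reads as intentional. The body of `derive_node` starts and continues outside the hunk, so what follows the strict branch is not visible here.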