diff --git a/pkg/ssh/cmd/commit.go b/pkg/ssh/cmd/commit.go
index ad2020d36a2076e540f71c3eba380909fd7756b9..1d99d299aaa549d186679e9236007d138881977f 100644
--- a/pkg/ssh/cmd/commit.go
+++ b/pkg/ssh/cmd/commit.go
@@ -2,6 +2,7 @@ package cmd
 import (
 "fmt"
+ "regexp"
 "strings"
 "time"
@@ -13,6 +14,8 @@ import (
 "github.com/spf13/cobra"
 )
+var shaRE = regexp.MustCompile(`^[a-fA-F0-9]{5,40}$`)
+
 // commitCommand returns a command that prints the contents of a commit.
 func commitCommand() *cobra.Command {
 var color bool
@@ -29,6 +32,10 @@ func commitCommand() *cobra.Command {
 repoName := args[0]
 commitSHA := args[1]
+ if !shaRE.MatchString(commitSHA) {
+ return fmt.Errorf("invalid commit SHA: %s", commitSHA)
+ }
+
 rr, err := be.Repository(ctx, repoName)
 if err != nil {
 return err
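Review bot: `shaRE` in the second hunk has no comment saying what it guards, and its `{5,40}` bound hard-codes the SHA-1 length. A doc comment such as `// shaRE matches a full or abbreviated hex object ID; any other value (for example one starting with "-") is rejected before it is used.` would record the intent, which is presumably to keep option-like or malformed arguments away from the repository layer. Repositories using the SHA-256 object format have 64-character IDs, which this pattern rejects; if those are in scope the upper bound should be 64. The anchors are sound as written, because in Go's regexp `$` without `(?m)` matches only at end of text, so a trailing newline is not accepted.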
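Review bot: The error added in the third hunk echoes the rejected argument with `%s`, so control characters or terminal escape sequences in `commitSHA` are written back verbatim wherever this error is rendered or logged. `return fmt.Errorf("invalid commit SHA: %q", commitSHA)` quotes and escapes the value instead. `repoName` gets no comparable check in the visible lines; whether `be.Repository` validates it cannot be seen here, and the enclosing function continues outside the hunk. A table test covering a leading `-`, non-hex characters, and too-short and too-long inputs would pin the new check.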