diff --git a/src/State/Tests/Util/RequestParserTest.php b/src/State/Tests/Util/RequestParserTest.php
index 40e0ea0f5d8..45632585ecc 100644
--- a/src/State/Tests/Util/RequestParserTest.php
+++ b/src/State/Tests/Util/RequestParserTest.php
@@ -42,6 +42,9 @@ public static function parseRequestParamsProvider(): array

 // urlencoded [] (square brackets) in query string.
 ['a%5B1%5D=%2525', ['a' => ['1' => '%25']]],
+
+ // malformed query string with unclosed bracket and multibyte characters
+ ['y%5B%C2%9D=', ['79_'."\xC2\x9D" => '']],
 ];
 }
 }
diff --git a/src/State/Util/RequestParser.php b/src/State/Util/RequestParser.php
index 4ac1018ea95..a36914b6904 100644
--- a/src/State/Util/RequestParser.php
+++ b/src/State/Util/RequestParser.php
@@ -51,7 +51,18 @@ public static function parseRequestParams(string $source): array
 // parse_str urldecodes both keys and values in resulting array.
 parse_str($source, $params);

- return array_combine(array_map('hex2bin', array_keys($params)), $params);
+ $keys = array_map(
+ static function (string $key): string {
+ if (0 !== \strlen($key) % 2 || \strlen($key) !== strspn($key, '0123456789abcdef')) {
+ return $key;
+ }
+
+ return hex2bin($key);
+ },
+ array_keys($params),
+ );
+
+ return array_combine($keys, $params);
 }

 /**
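Review bot: In src/State/Util/RequestParser.php the fallback `return $key;` returns the internal hex-encoded form of a mangled name, not the name the client sent: per the added test, the query `y%5B%C2%9D=` comes back keyed as `79_\xC2\x9D`, where `79` is `bin2hex('y')`. Anything downstream that matches parameter names (filters, allow-lists, logging) will therefore see a key that appears nowhere in the request, and presumably differs from what PHP itself would produce for the same query string. If that is the intended trade-off, say so above the early return, e.g. `// parse_str() rewrote this key (apparently an unclosed "[" became "_"), so it is no longer pure hex; return it undecoded instead of letting hex2bin() fail.`; otherwise decode the leading even-length hex run and append the remainder unchanged. parseRequestParams starts outside the hunk, so the encoding step this depends on is not visible here.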