diff --git a/src/State/Tests/Util/RequestParserTest.php b/src/State/Tests/Util/RequestParserTest.php
index 40e0ea0f5d8..b8e37e18e00 100644
--- a/src/State/Tests/Util/RequestParserTest.php
+++ b/src/State/Tests/Util/RequestParserTest.php
@@ -42,6 +42,9 @@ public static function parseRequestParamsProvider(): array
 
             // urlencoded [] (square brackets) in query string.
             ['a%5B1%5D=%2525', ['a' => ['1' => '%25']]],
+
+            ['y%5B%C2%9D=', ['79_'."\xC2\x9D" => '']],
+            ['z%5Bg=', ['7a_g' => '']],
         ];
     }
 }
diff --git a/src/State/Util/RequestParser.php b/src/State/Util/RequestParser.php
index 4ac1018ea95..e83acf9e7f4 100644
--- a/src/State/Util/RequestParser.php
+++ b/src/State/Util/RequestParser.php
@@ -51,7 +51,12 @@ public static function parseRequestParams(string $source): array
         // parse_str urldecodes both keys and values in resulting array.
         parse_str($source, $params);
 
-        return array_combine(array_map('hex2bin', array_keys($params)), $params);
+        $keys = array_map(
+            static fn (string $key): string => preg_match('/\A(?:[0-9a-f]{2})+\z/', $key) ? hex2bin($key) : $key,
+            array_keys($params),
+        );
+
+        return array_combine($keys, $params);
     }
 
     /**