diff --git a/dojo/api_v2/serializers.py b/dojo/api_v2/serializers.py
index d1d36de473a..e73531e16f9 100644
--- a/dojo/api_v2/serializers.py
+++ b/dojo/api_v2/serializers.py
@@ -8,6 +8,7 @@
 import six
 import tagulous
+from defusedxml import ElementTree as ET
 from django.conf import settings
 from django.contrib.auth.models import Group, Permission
 from django.contrib.auth.password_validation import validate_password
@@ -2393,6 +2394,8 @@ def process_scan(
 duration = time.perf_counter() - start_time
 LargeScanSizeProductAnnouncement(response_data=data, duration=duration)
 ScanTypeProductAnnouncement(response_data=data, scan_type=context.get("scan_type"))
+except ET.ParseError as e:
+raise serializers.ValidationError({"file": f"Malformed XML: {e}"})
 # convert to exception otherwise django rest framework will swallow them as 400 error
 # exceptions are already logged in the importer
 except SyntaxError as se:
@@ -2701,6 +2704,8 @@ def process_scan(
 duration = time.perf_counter() - start_time
 LargeScanSizeProductAnnouncement(response_data=data, duration=duration)
 ScanTypeProductAnnouncement(response_data=data, scan_type=context.get("scan_type"))
+except ET.ParseError as e:
+raise serializers.ValidationError({"file": f"Malformed XML: {e}"})
 # convert to exception otherwise django rest framework will swallow them as 400 error
 # exceptions are already logged in the importer
 except SyntaxError as se:
@@ -2783,6 +2788,8 @@ def save(self):
 create_dojo_meta,
 origin="API",
 )
+except ET.ParseError as e:
+raise serializers.ValidationError({"file": f"Malformed XML: {e}"})
 except SyntaxError as se:
 raise Exception(se)
 except ValueError as ve:
diff --git a/unittests/scans/zap/malformed.xml b/unittests/scans/zap/malformed.xml
new file mode 100644
index 00000000000..bbdf0d66937
--- /dev/null
+++ b/unittests/scans/zap/malformed.xml
@@ -0,0 +1 @@
+
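Review bot: The new `from defusedxml import ElementTree as ET` import is used in this file only to name `ET.ParseError` in the three new except clauses, and as far as I know `defusedxml.ElementTree.ParseError` is the stdlib `xml.etree.ElementTree.ParseError` re-exported, so nothing here parses XML itself. A one-line comment on the import, such as `# only ParseError is used here; the scan parsers do the (defused) parsing`, would stop a later reader from assuming the serializer handles XML, or from "simplifying" the import to the stdlib module and losing the hint that parsers are expected to go through defusedxml.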
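Review bot: The new `except ET.ParseError as e:` clause only covers syntactically broken XML; the rejections defusedxml itself raises for dangerous input (`defusedxml.DefusedXmlException` and subclasses such as `EntitiesForbidden`, which derive from `ValueError`) fall through to the existing `except ValueError as ve:` branch, whose handling is outside the hunk, so an upload carrying a DTD or entity declaration may not get the same clean 400 as a truncated file. If a uniform "rejected XML" response is intended, `except (ET.ParseError, DefusedXmlException) as e:` with `from defusedxml import DefusedXmlException` next to the new import would cover both cases with the same message. The identical two-line clause is repeated verbatim at the hunks starting at 2701 and 2783; a small helper that turns the exception into the `ValidationError` would keep the three sites in step. Also worth a note in the code: if any scan parser uses lxml, its `lxml.etree.XMLSyntaxError` is not an `ET.ParseError` and still reaches the later handlers. process_scan starts and continues outside the hunk.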