diff --git a/services/web/app/src/Features/Collaborators/CollaboratorsController.mjs b/services/web/app/src/Features/Collaborators/CollaboratorsController.mjs
index 8c208e807e..7c23b4cc3f 100644
--- a/services/web/app/src/Features/Collaborators/CollaboratorsController.mjs
+++ b/services/web/app/src/Features/Collaborators/CollaboratorsController.mjs
@@ -131,10 +131,20 @@ async function setCollaboratorInfo(req, res, next) {
   }
 }
 
+const transferOwnershipSchema = z.object({
+  params: z.object({
+    Project_id: zz.objectId(),
+  }),
+  body: z.object({
+    user_id: zz.objectId(),
+  }),
+})
+
 async function transferOwnership(req, res, next) {
   const sessionUser = SessionManager.getSessionUser(req.session)
-  const projectId = req.params.Project_id
-  const toUserId = req.body.user_id
+  const { params, body } = validateReq(req, transferOwnershipSchema)
+  const projectId = params.Project_id
+  const toUserId = body.user_id
   try {
     await OwnershipTransferHandler.promises.transferOwnership(
       projectId,
diff --git a/services/web/app/src/Features/Collaborators/CollaboratorsRouter.mjs b/services/web/app/src/Features/Collaborators/CollaboratorsRouter.mjs
index 3ff1a36a9e..7260e3e4db 100644
--- a/services/web/app/src/Features/Collaborators/CollaboratorsRouter.mjs
+++ b/services/web/app/src/Features/Collaborators/CollaboratorsRouter.mjs
@@ -65,14 +65,6 @@ export default {
     webRouter.post(
       '/project/:Project_id/transfer-ownership',
       AuthenticationController.requireLogin(),
-      validate({
-        params: Joi.object({
-          Project_id: Joi.objectId(),
-        }),
-        body: Joi.object({
-          user_id: Joi.objectId(),
-        }),
-      }),
       AuthorizationMiddleware.ensureUserCanAdminProject,
       CollaboratorsController.transferOwnership
     )