diff --git a/CHANGELOG.md b/CHANGELOG.md
index b81a24aeebff..08ae186b48ec 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,6 +35,8 @@
 
 ### Fixed
 
+- [#6327](https://github.com/ChainSafe/forest/pull/6327) Fixed: Forest returns 404 for all invalid api paths.
+
 ## Forest v0.30.5 "Dulce de Leche"
 
 Non-mandatory release supporting new API methods and addressing a critical panic issue.
diff --git a/scripts/tests/calibnet_other_check.sh b/scripts/tests/calibnet_other_check.sh
index bc4e97427b05..ccaf1ac68b79 100755
--- a/scripts/tests/calibnet_other_check.sh
+++ b/scripts/tests/calibnet_other_check.sh
@@ -97,6 +97,14 @@ if [ "$session" == "" ]; then
   exit 1
 fi
 
+# Assert invalid API path returns HTTP 404
+echo "Testing invalid API path handling"
+status_code=$(curl -s -o /dev/null -w "%{http_code}" -X POST http://localhost:2345/rpc/v3 -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"Filecoin.Version","id":1}')
+if [ "$status_code" != "404" ]; then
+  echo "Unexpected status code for invalid RPC path: $status_code"
+  exit 1
+fi
+
 # Assert unsupported method returns HTTP 200 but RPC error code -32601
 echo "Testing unsupported RPC method handling"
 unsupported_response=$(curl -s -X POST http://localhost:2345/rpc/v1 -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"Invoke.Cthulhu","params":[],"id":1}')
diff --git a/src/rpc/mod.rs b/src/rpc/mod.rs
index be1c06dc45ae..8f37c21297db 100644
--- a/src/rpc/mod.rs
+++ b/src/rpc/mod.rs
@@ -586,7 +586,17 @@ where
             let filter_list = filter_list.clone();
             move |req| {
                 let is_websocket = jsonrpsee::server::ws::is_upgrade_request(&req);
-                let path = ApiPaths::from_uri(req.uri()).unwrap_or(ApiPaths::V1);
+                let path = if let Ok(p) = ApiPaths::from_uri(req.uri()) {
+                    p
+                } else {
+                    return async move {
+                        Ok(http::Response::builder()
+                            .status(http::StatusCode::NOT_FOUND)
+                            .body(Default::default())
+                            .unwrap_or_else(|_| http::Response::new(Default::default())))
+                    }
+                    .boxed();
+                };
                 let methods = methods.get(&path).cloned().unwrap_or_default();
                 let PerConnection {
                     stop_handle,
diff --git a/src/rpc/reflect/mod.rs b/src/rpc/reflect/mod.rs
index 693cd797d79e..db6a5f454c55 100644
--- a/src/rpc/reflect/mod.rs
+++ b/src/rpc/reflect/mod.rs
@@ -158,9 +158,7 @@ impl ApiPaths {
     }
 
     pub fn from_uri(uri: &Uri) -> anyhow::Result<Self> {
-        Ok(Self::from_str(
-            uri.path().split("/").last().expect("infallible"),
-        )?)
+        Ok(Self::from_str(uri.path().trim_start_matches("/rpc/"))?)
     }
 
     pub fn path(&self) -> &'static str {