diff --git a/.github/workflows/bump-givenergy-modbus.yml b/.github/workflows/bump-givenergy-modbus.yml
index 9b96bb7..7febb50 100644
--- a/.github/workflows/bump-givenergy-modbus.yml
+++ b/.github/workflows/bump-givenergy-modbus.yml
@@ -29,6 +29,23 @@ jobs:
 echo "::error::no version supplied via client_payload.version or workflow inputs"
 exit 1
 fi
+ # Validate before NEW flows into git refs, commit messages, PR bodies,
+ # GITHUB_OUTPUT, and a Python regex backref template downstream. The
+ # trust boundary here is the BUMP_PAT used to fire the dispatch — a
+ # compromised PAT shouldn't be able to inject shell metacharacters,
+ # newlines (GITHUB_OUTPUT injection), `\g<...>` (regex backref
+ # subversion in the bump step), or git ref operators (`..`, `^`, `:`
+ # in the branch name). The pattern accepts every modbus tag in
+ # history (`X.Y.Z`, `X.Y.ZrcN`, `X.Y.ZaN`) plus forward-looking
+ # PEP 440 `.dev`/`.post` suffixes; the inner repetition deliberately
+ # requires each dot-separated segment to be non-empty, so values
+ # like `2.0.0..` or `2.0.0.post..1` — which would pass a coarser
+ # `[a-z0-9.]+` class but then break `git checkout -B` downstream —
+ # are rejected here instead.
+ if ! [[ "$NEW" =~ ^[0-9]+\.[0-9]+\.[0-9]+([-.]?[a-z0-9]+(\.[a-z0-9]+)*)?$ ]]; then
+ echo "::error::invalid givenergy-modbus version format (must match PEP 440-ish X.Y.Z[-?suffix])"
+ exit 1
+ fi
 # Route the PR to the branch whose dependency range that major
 # version belongs to. Update the case statement when a new release
 # branch (and/or new modbus major) is introduced.
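Review bot: The new regex still admits a value such as `2.0.0.lock` (the `[-.]?[a-z0-9]+` suffix accepts `lock`), which contradicts the comment's claim that everything `git checkout -B` would refuse is rejected here — git rejects ref components ending in `.lock`, so that value would fail later, outside this guard. A cheap way to close the gap is `[[ "$NEW" == *.lock ]] && { echo "::error::invalid givenergy-modbus version"; exit 1; }` next to this check, or `git check-ref-format --branch "$branch" || exit 1` at the point the branch name is built (not in this hunk). Separately, the comment's shell-metacharacter claim only holds if `NEW` reaches the script through `env:` rather than an inline `${{ }}` expression in `run:`; how `NEW` is assigned is not visible here, so that is worth confirming in the step header. The enclosing `run:` block starts and ends outside the hunk.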