diff --git a/qbittorrent/CHANGELOG.md b/qbittorrent/CHANGELOG.md
index 679aaf210..9ff7d5703 100644
--- a/qbittorrent/CHANGELOG.md
+++ b/qbittorrent/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 5.1.4-9 (05-02-2026)
+- Move OpenVPN/WireGuard config filename validation from schema to runtime scripts
+- Validate config name only when the related VPN mode is enabled
+
 ## 5.1.4-8 (05-02-2026)
 - Allow more complex vpn config names
 - Rewrite the openvpn and wireguard scripts in order to make them more robust, secure, and compatible with more suppliers @litinoveweedle
diff --git a/qbittorrent/config.yaml b/qbittorrent/config.yaml
index 54ea35261..d3d255a41 100644
--- a/qbittorrent/config.yaml
+++ b/qbittorrent/config.yaml
@@ -128,7 +128,7 @@ schema:
   keyfile: str
   localdisks: str?
   networkdisks: str?
-  openvpn_config: match(^[A-Za-z0-9._-]+\.(conf|ovpn)$)?
+  openvpn_config: str?
   openvpn_enabled: bool?
   openvpn_password: str?
   openvpn_username: str?
@@ -136,10 +136,10 @@ schema:
   run_duration: str?
   silent: bool?
   ssl: bool
-  wireguard_config: match(^[A-Za-z0-9._-]+\.conf$)?
+  wireguard_config: str?
   wireguard_enabled: bool?
   whitelist: str?
 slug: qbittorrent
 udev: true
 url: https://github.com/alexbelgium/hassio-addons
-version: "5.1.4-8"
+version: "5.1.4-9"
diff --git a/qbittorrent/rootfs/etc/cont-init.d/93-openvpn.sh b/qbittorrent/rootfs/etc/cont-init.d/93-openvpn.sh
index 9f4016a4d..d9688c47d 100755
--- a/qbittorrent/rootfs/etc/cont-init.d/93-openvpn.sh
+++ b/qbittorrent/rootfs/etc/cont-init.d/93-openvpn.sh
@@ -48,6 +48,10 @@ chmod 600 "${OPENVPN_STATE_DIR}/credentials.conf"
 if bashio::config.has_value "openvpn_config"; then
     openvpn_config="$(bashio::config 'openvpn_config')"
     openvpn_config="${openvpn_config##*/}"
+    if [[ ! "${openvpn_config}" =~ ^[A-Za-z0-9._-]+\.(conf|ovpn)$ ]]; then
+        bashio::log.fatal "Invalid openvpn_config filename '${openvpn_config}'. Allowed characters: letters, numbers, dot, underscore, dash. Extension must be .conf or .ovpn."
+        bashio::addon.stop
+    fi
 fi
 if [[ -z "${openvpn_config}" ]]; then
     bashio::log.info 'openvpn_config option left empty. Attempting automatic selection.'
diff --git a/qbittorrent/rootfs/etc/cont-init.d/94-wireguard.sh b/qbittorrent/rootfs/etc/cont-init.d/94-wireguard.sh
index bc622068a..855ef7504 100755
--- a/qbittorrent/rootfs/etc/cont-init.d/94-wireguard.sh
+++ b/qbittorrent/rootfs/etc/cont-init.d/94-wireguard.sh
@@ -29,6 +29,10 @@ bashio::log.info "------------------------------"
 if bashio::config.has_value "wireguard_config"; then
     wireguard_config="$(bashio::config 'wireguard_config')"
     wireguard_config="${wireguard_config##*/}"
+    if [[ ! "${wireguard_config}" =~ ^[A-Za-z0-9._-]+\.conf$ ]]; then
+        bashio::log.fatal "Invalid wireguard_config filename '${wireguard_config}'. Allowed characters: letters, numbers, dot, underscore, dash. Extension must be .conf."
+        bashio::addon.stop
+    fi
 fi
 if [[ -z "${wireguard_config}" ]]; then
     bashio::log.info 'wireguard_config option left empty. Attempting automatic selection.'