diff --git a/packages/rocketchat-emoji-custom/client/models/EmojiCustom.js b/packages/rocketchat-emoji-custom/client/models/EmojiCustom.js
index 369ab9754dc..78cae29a32b 100644
--- a/packages/rocketchat-emoji-custom/client/models/EmojiCustom.js
+++ b/packages/rocketchat-emoji-custom/client/models/EmojiCustom.js
@@ -3,6 +3,18 @@ class EmojiCustom extends RocketChat.models._Base {
 super();
 this._initModel('custom_emoji');
 }
+
+ //find
+ findByNameOrAlias(name, options) {
+ const query = {
+ $or: [
+ {name},
+ {aliases: name}
+ ]
+ };
+
+ return this.find(query, options);
+ }
 }
 RocketChat.models.EmojiCustom = new EmojiCustom();
diff --git a/packages/rocketchat-reactions/client/methods/setReaction.js b/packages/rocketchat-reactions/client/methods/setReaction.js
index 59d05ae71dc..ec1188f5e40 100644
--- a/packages/rocketchat-reactions/client/methods/setReaction.js
+++ b/packages/rocketchat-reactions/client/methods/setReaction.js
@@ -17,6 +17,8 @@ Meteor.methods({
 return false;
 } else if (message.private) {
 return false;
+ } else if (!RocketChat.emoji.list[reaction] && RocketChat.models.EmojiCustom.findByNameOrAlias(reaction).count() === 0) {
+ return false;
 }
 if (message.reactions && message.reactions[reaction] && message.reactions[reaction].usernames.indexOf(user.username) !== -1) {
diff --git a/packages/rocketchat-reactions/setReaction.js b/packages/rocketchat-reactions/setReaction.js
index 4027ffcf3bd..9d1b5949405 100644
--- a/packages/rocketchat-reactions/setReaction.js
+++ b/packages/rocketchat-reactions/setReaction.js
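Review bot: `findByNameOrAlias` in EmojiCustom.js places `name` into both `$or` branches as-is, so a non-string argument would be read as a query expression instead of a literal emoji name. Both setReaction hunks in this commit use the result as a validity gate on the `reaction` argument, and no type check on that argument is visible in them; if none exists earlier in those methods, `check(reaction, String);` before the lookup would close that off. The server method presumably relies on a server-side model method of the same name, which is outside this diff and deserves the same look. The `//find` comment says nothing about the contract; a JSDoc stating that `name` is matched exactly against `name` or any entry of `aliases`, and that a cursor is returned, would serve callers better.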
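Review bot: The new `else if` in client/methods/setReaction.js tests `RocketChat.emoji.list[reaction]` by truthiness, which would also succeed for property names inherited from the object prototype if `list` is a plain object; how `list` is built is not visible here. An own-property test keeps the built-in lookup strict: `!Object.prototype.hasOwnProperty.call(RocketChat.emoji.list, reaction)`. The same expression appears in the server hunk in packages/rocketchat-reactions/setReaction.js, where it matters more because that copy is the authoritative check. The method body starts and ends outside this hunk.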
@@ -19,6 +19,10 @@ Meteor.methods({
 throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'setReaction' });
 }
+ if (!RocketChat.emoji.list[reaction] && RocketChat.models.EmojiCustom.findByNameOrAlias(reaction).count() === 0) {
+ throw new Meteor.Error('error-not-allowed', 'Invalid emoji provided.', { method: 'setReaction' });
+ }
+
 const user = Meteor.user();
 if (Array.isArray(room.muted) && room.muted.indexOf(user.username) !== -1 && !room.reactWhenReadOnly) {
diff --git a/tests/end-to-end/api/05-chat.js b/tests/end-to-end/api/05-chat.js
index c6dca60d2c2..c37cc7a5776 100644
--- a/tests/end-to-end/api/05-chat.js
+++ b/tests/end-to-end/api/05-chat.js
@@ -2,8 +2,8 @@
 /* globals expect */
 /* eslint no-unused-vars: 0 */
-import {getCredentials, api, login, request, credentials, message, log, apiPrivateChannelName } from '../../data/api-data.js';
-import {adminEmail, password} from '../../data/user.js';
+import { getCredentials, api, login, request, credentials, message, log, apiPrivateChannelName } from '../../data/api-data.js';
+import { adminEmail, password } from '../../data/user.js';
 import supertest from 'supertest';
 describe('[Chat]', function() {
@@ -169,18 +169,20 @@ describe('[Chat]', function() {
 .end(done);
 });
- it('/chat.react', (done) => {
- request.post(api('chat.react'))
- .set(credentials)
- .send({
- emoji: 'smile',
- messageId: message._id
- })
- .expect('Content-Type', 'application/json')
- .expect(200)
- .expect((res) => {
- expect(res.body).to.have.property('success', true);
- })
- .end(done);
+ describe('/chat.react', () => {
+ it('should return statusCode: 200 when the emoji is valid', (done) => {
+ request.post(api('chat.react'))
+ .set(credentials)
+ .send({
+ emoji: ':squid:',
+ messageId: message._id
+ })
+ .expect('Content-Type', 'application/json')
+ .expect(200)
+ .expect((res) => {
+ expect(res.body).to.have.property('success', true);
+ })
+ .end(done);
+ });
 });
 });
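Review bot: The emoji check in packages/rocketchat-reactions/setReaction.js appears to run before the method decides whether the call adds or removes a reaction, so a user could presumably no longer remove an existing reaction once its custom emoji has been deleted or renamed. The client hunk shows the removal branch directly after the same check; the server's branch lies outside this hunk, so this needs confirming against the full method. If it holds, the lookup should be skipped when the message already carries that reaction, and the reason should be recorded in a comment such as `// allow removing reactions whose emoji no longer exists`. Separately, reusing the `error-not-allowed` code means clients can tell an invalid emoji from a denied room only by the message text.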
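Review bot: Only the accepted-emoji path is covered by the new `describe('/chat.react')` block in tests/end-to-end/api/05-chat.js; the rejection this commit introduces has no test, so a regression that lets unknown emoji through would still pass the suite. A second case that posts an unknown name and asserts a failure response would pin the new behaviour. The 400 status and `success: false` in the sketch assume the REST layer maps the thrown `Meteor.Error` that way, which is not visible in this diff, and the emoji value is a constructed sample.

```javascript
describe('/chat.react', () => {
	// … unchanged: 'should return statusCode: 200 when the emoji is valid' …

	it('should return statusCode: 400 when the emoji is not known', (done) => {
		request.post(api('chat.react'))
			.set(credentials)
			.send({
				emoji: ':no-such-emoji-sample:',
				messageId: message._id
			})
			.expect('Content-Type', 'application/json')
			.expect(400)
			.expect((res) => {
				expect(res.body).to.have.property('success', false);
			})
			.end(done);
	});
```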