diff --git a/server/router/api/v1/user_service.go b/server/router/api/v1/user_service.go
index 64e0e42e9..794949cdd 100644
--- a/server/router/api/v1/user_service.go
+++ b/server/router/api/v1/user_service.go
@@ -301,6 +301,9 @@ func (s *APIV1Service) DeleteUser(ctx context.Context, request *v1pb.DeleteUserR
 	if err != nil {
 		return nil, status.Errorf(codes.Internal, "failed to get user: %v", err)
 	}
+	if currentUser == nil {
+		return nil, status.Errorf(codes.Unauthenticated, "user not authenticated")
+	}
 	if currentUser.ID != userID && currentUser.Role != store.RoleAdmin {
 		return nil, status.Errorf(codes.PermissionDenied, "permission denied")
 	}