diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php
index c2a7754c68..65023e42f8 100644
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@@ -831,6 +831,14 @@ App::delete('/v1/teams/:teamId/memberships/:membershipId')
 throw new Exception('Team not found', 404, Exception::TEAM_NOT_FOUND);
 }
 
+ /**
+ * Force document security
+ */
+ $validator = new Authorization('delete');
+ if (!$validator->isValid($membership->getDelete())) {
+ throw new Exception('Unauthorized permissions', 401, Exception::USER_UNAUTHORIZED);
+ }
+
 try {
 $dbForProject->deleteDocument('memberships', $membership->getId());
 } catch (AuthorizationException $exception) {
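Review bot: The added comment `Force document security` does not say why an explicit `Authorization('delete')` check is needed directly in front of a `deleteDocument()` call whose `AuthorizationException` is already caught on the last line of the hunk, so a reader cannot tell whether the two guards are redundant or whether the delete itself runs without permission enforcement. A line comment stating the reason would make the intent auditable, e.g. `// Check the caller's delete permission on the membership document up front; the deleteDocument() call below may not enforce it (confirm against the catch branch)`, and a `//` comment is the right form here since `/** */` docblocks are meant for declarations, not statements. The status code and error constant on the new throw should also match what the other handlers in this file use when `Authorization::isValid()` fails, so clients see a consistent response for a permission denial. The enclosing `App::delete` handler begins before the hunk and the catch branch continues after it.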