diff --git a/backend/routes/reports.js b/backend/routes/reports.js
index 2fab946..d0345a7 100644
--- a/backend/routes/reports.js
+++ b/backend/routes/reports.js
@@ -177,10 +177,24 @@ router.put(
 db.get("SELECT * FROM reports WHERE id = ?", [reportId], (err, report) => {
 if (err || !report) return res.status(404).json({ error: "Report not found" });
+ // Not admin & not owner
 if (req.user.role !== "admin" && report.userId !== req.user.userId) {
 return res.status(403).json({ error: "Forbidden" });
 }
+ // Not admin & trying to edit a verified report
+ if (
+ req.user.role !== "admin" &&
+ (report.isVerified === 1 ||
+ report.isVerified === true ||
+ report.verified === 1 ||
+ report.verified === true)
+ ) {
+ return res
+ .status(403)
+ .json({ error: "Запрещено редактировать подтвержденный отчет" });
+ }
+
 const fields = [];
 const values = [];
 for (const key of [
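Review bot: The verified-report guard added after the ownership check fails open: it probes two property names (`report.isVerified` and `report.verified`) and accepts only the exact values `1` and `true`, so if the flag is stored under any other name or shape (for example the string `"1"`), a non-admin owner falls through to the update. Because `report` comes from `SELECT *`, confirm the real column against the schema and test that single field, e.g. `if (req.user.role !== "admin" && report.isVerified) {` (column name to be confirmed). The guard also runs on a row read before the write; the UPDATE statement is outside this hunk, so it is worth checking whether its WHERE clause carries the same not-verified condition for non-admins, otherwise a report verified between the read and the write can still be edited. The key list that begins on the hunk's last line continues outside the hunk as well; if the verified flag is among the editable keys, an owner could set it themselves. The new error message is in Russian while the neighbouring ones (`"Forbidden"`, `"Report not found"`) are in English, which clients matching on the `error` string may not expect.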