diff --git a/Iceshrimp.Backend/Core/Middleware/AuthenticationMiddleware.cs b/Iceshrimp.Backend/Core/Middleware/AuthenticationMiddleware.cs
index 0dd1cf3f..35dae18f 100644
--- a/Iceshrimp.Backend/Core/Middleware/AuthenticationMiddleware.cs
+++ b/Iceshrimp.Backend/Core/Middleware/AuthenticationMiddleware.cs
@@ -62,8 +62,8 @@ public class AuthenticationMiddleware(
 }
 if ((attribute.AdminRole && !oauthToken.User.IsAdmin) ||
- (attribute.ModeratorRole &&
- oauthToken.User is { IsAdmin: false, IsModerator: false }))
+ (attribute.ModeratorRole && oauthToken.User is { IsAdmin: false, IsModerator: false }) ||
+ (attribute.Scopes.Any(p => p is "admin" || p.StartsWith("admin:")) && !oauthToken.User.IsAdmin))
 {
 await next(ctx);
 return;
diff --git a/Iceshrimp.Backend/Core/Middleware/AuthorizationMiddleware.cs b/Iceshrimp.Backend/Core/Middleware/AuthorizationMiddleware.cs
index 15327720..390ba750 100644
--- a/Iceshrimp.Backend/Core/Middleware/AuthorizationMiddleware.cs
+++ b/Iceshrimp.Backend/Core/Middleware/AuthorizationMiddleware.cs
@@ -26,6 +26,8 @@ public class AuthorizationMiddleware(RequestDelegate next) : ConditionalMiddlewa
 throw GracefulException.Forbidden("This action is outside the authorized scopes");
 if (attribute.ModeratorRole && token.User is { IsAdmin: false, IsModerator: false })
 throw GracefulException.Forbidden("This action is outside the authorized scopes");
+ if (attribute.Scopes.Any(p => p is "admin" || p.StartsWith("admin:") && !token.User.IsAdmin))
+ throw GracefulException.Forbidden("This action is outside the authorized scopes");
 }
 else
 {
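Review bot: `p.StartsWith("admin:")` on the added line of the AuthenticationMiddleware hunk uses the culture-sensitive overload, so whether a scope is classified as an admin scope depends on the server's current culture rather than on the bytes of the scope string; an authorization decision should compare ordinally: `p is "admin" || p.StartsWith("admin:", StringComparison.Ordinal)`. The same call appears in the AuthorizationMiddleware hunk. Since this scope classification now exists in two middlewares, moving it into one shared predicate (e.g. a static `IsAdminScope(string scope)`) would keep the two copies from drifting. The enclosing method begins and ends outside the hunk.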
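Review bot: The added condition in AuthorizationMiddleware has an operator-precedence defect: `p is "admin" || p.StartsWith("admin:") && !token.User.IsAdmin` parses as `p is "admin" || (p.StartsWith("admin:") && !token.User.IsAdmin)`, so a token carrying the bare `admin` scope is rejected with Forbidden even when the user is an admin, while the parallel check in AuthenticationMiddleware applies `!IsAdmin` to both scope forms. This fails closed (no privilege is granted), but it locks admins out of every endpoint requiring the `admin` scope and the error text would point them at scopes rather than role. The `!token.User.IsAdmin` test belongs outside the lambda, matching the other hunk: `if (attribute.Scopes.Any(p => p is "admin" || p.StartsWith("admin:")) && !token.User.IsAdmin)`. The enclosing method begins and ends outside the hunk.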