diff --git a/src/Middleware/CorsMiddleware.php b/src/Middleware/CorsMiddleware.php
index aa4f93e..63fdf0c 100644
--- a/src/Middleware/CorsMiddleware.php
+++ b/src/Middleware/CorsMiddleware.php
@@ -4,6 +4,7 @@
 
 namespace Mezzio\Cors\Middleware;
 
+use Mezzio\Cors\Exception\InvalidOriginValueException;
 use Mezzio\Cors\Middleware\Exception\InvalidConfigurationException;
 use Mezzio\Cors\Service\ConfigurationLocatorInterface;
 use Mezzio\Cors\Service\CorsInterface;
@@ -46,11 +47,18 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
             throw InvalidConfigurationException::fromInvalidPipelineConfiguration();
         }
 
-        if (! $this->cors->isCorsRequest($request)) {
+        try {
+            $isCorsRequest = $this->cors->isCorsRequest($request);
+        } catch (InvalidOriginValueException $exception) {
+            return $this->responseFactory->unauthorized($exception->origin);
+        }
+
+        if (! $isCorsRequest) {
             return $this->vary($handler->handle($request));
         }
 
         $metadata = $this->cors->metadata($request);
+
         if ($this->cors->isPreflightRequest($request)) {
             return $this->preflight($metadata) ?? $handler->handle($request);
         }