diff --git a/frontend/ee b/frontend/ee
index 1e9ecf7ea6..0483976124 160000
--- a/frontend/ee
+++ b/frontend/ee
@@ -1 +1 @@
-Subproject commit 1e9ecf7ea675a48622726c79e3382258701e3c14
+Subproject commit 04839761243719f881c4a9ebbb052fc09ab6b967
diff --git a/server/ee b/server/ee
index 1d1c2c05b1..2cd39bdde4 160000
--- a/server/ee
+++ b/server/ee
@@ -1 +1 @@
-Subproject commit 1d1c2c05b112e12f01a219567973a70ddf2935cb
+Subproject commit 2cd39bdde430a78b4d6ebcd119d02a6fda924739
diff --git a/server/src/modules/organization-users/service.ts b/server/src/modules/organization-users/service.ts
index c22aaf60dd..56d9748c9c 100644
--- a/server/src/modules/organization-users/service.ts
+++ b/server/src/modules/organization-users/service.ts
@@ -193,10 +193,20 @@ export class OrganizationUsersService implements IOrganizationUsersService {
 let invalidGroups = [];
 const emailPattern = /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i;
 const invalidRoles = [];
+ const allowedColumns = ['first name', 'last name', 'email', 'user role', 'group'];
 const groupPermissions = (
 await this.groupPermissionsUtilService.getAllGroupByOrganization(currentUser.organizationId)
 ).groupPermissions?.filter((gp) => !gp.disabled);
 const existingGroups = groupPermissions.map((groupPermission) => groupPermission.name);
+
+ const csvData = fileStream.toString();
+ const firstLine = csvData.split('\n')[0];
+ const actualColumns = firstLine.split(',').map(col => col.trim().toLowerCase());
+ const extraColumns = actualColumns.filter(col => !allowedColumns.includes(col));
+
+ if (extraColumns.length > 0) {
+ throw new BadRequestException(`${extraColumns.join(', ')} ${extraColumns.length > 1 ? 'are' : 'is'} not allowed`);
+ }
 csv
 .parseString(fileStream.toString(), {
 headers: ['first_name', 'last_name', 'email', 'user_role', 'groups'],
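Review bot: The new header check in `service.ts` only rejects unknown names, so a first line with the allowed columns reordered, repeated, or partly missing still passes, while the `csv.parseString` call below it maps fields by position through its fixed `headers` array. For a bulk import that assigns roles and groups, a swapped `user role`/`group` header would feed each field from the wrong column unless later validation catches it. If the template order is fixed, compare positionally instead: `const headerOk = actualColumns.length === allowedColumns.length && actualColumns.every((col, i) => col === allowedColumns[i]);`. The names in `extraColumns` come straight from the uploaded file and are echoed verbatim in the `BadRequestException` message, so consider truncating them before interpolation. The parse options and the rest of the method continue outside the hunk, so how the header row itself is consumed cannot be confirmed from here.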