diff --git a/changelog.d/binary_to_term-rce.security b/changelog.d/binary_to_term-rce.security
new file mode 100644
index 000000000..4e29c3628
--- /dev/null
+++ b/changelog.d/binary_to_term-rce.security
@@ -0,0 +1 @@
+- Fix unsafe cast of database-stored configuration values that could lead to code execution
\ No newline at end of file
diff --git a/lib/pleroma/captcha.ex b/lib/pleroma/captcha.ex
index 03910f189..8b252d52f 100644
--- a/lib/pleroma/captcha.ex
+++ b/lib/pleroma/captcha.ex
@@ -66,7 +66,7 @@ defmodule Pleroma.Captcha do
 
     with false <- is_nil(answer_data),
          {:ok, data} <- MessageEncryptor.decrypt(answer_data, secret, sign_secret),
-         %{at: at, answer_data: answer_md5} <- :erlang.binary_to_term(data) do
+         %{at: at, answer_data: answer_md5} <- Plug.Crypto.non_executable_binary_to_term(data) do
       {:ok, %{at: at, answer_data: answer_md5}}
     else
       _ -> {:error, :invalid_answer_data}
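Review bot: A why-comment on the replaced line would help the next reader, because `MessageEncryptor.decrypt/3` on the line above already authenticates the payload with `sign_secret` and the term is generated server-side, so the hardened decode looks redundant and invites a revert. I would add `# decrypt/3 above authenticates the payload; the non-executable decode is defence in depth should the signing secret leak` before the match clause. Note that an `ArgumentError` from the decode (executable or malformed term) escapes the `with` rather than mapping to `{:error, :invalid_answer_data}` in the `else` branch, which is acceptable only because the data was authenticated first; if that is not the intended contract, a rescue around the decode is needed. The enclosing function starts before this hunk.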
diff --git a/lib/pleroma/ecto_type/config/binary_value.ex b/lib/pleroma/ecto_type/config/binary_value.ex
index 4aad0cfce..0ad861ae6 100644
--- a/lib/pleroma/ecto_type/config/binary_value.ex
+++ b/lib/pleroma/ecto_type/config/binary_value.ex
@@ -11,14 +11,14 @@ defmodule Pleroma.EctoType.Config.BinaryValue do
     if String.valid?(value) do
       {:ok, value}
     else
-      {:ok, :erlang.binary_to_term(value)}
+      {:ok, Plug.Crypto.non_executable_binary_to_term(value)}
     end
   end
 
   def cast(value), do: {:ok, value}
 
   def load(value) when is_binary(value) do
-    {:ok, :erlang.binary_to_term(value)}
+    {:ok, Plug.Crypto.non_executable_binary_to_term(value)}
   end
 
   def dump(value) do
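Review bot: `cast/1` now raises `ArgumentError` on a malformed or executable binary instead of returning `:error`, which is what `Ecto.Type.cast/1` is expected to return for a value that cannot be cast; since `cast/1` is the path by which externally supplied config values arrive (`load/1` handles what the DB already holds), an invalid payload becomes a crash rather than a changeset error. The decode also still interns arbitrary atoms because no `[:safe]` option is passed — `non_executable_binary_to_term/2` forwards its second argument to `:erlang.binary_to_term/2`. I would rescue in the `cast` branch and pass `[:safe]` there, if config payloads are known to contain only atoms already interned in the VM (otherwise keep just the rescue); leaving `load/1` strict is fine, as data dumped by this type should always decode. The head of `cast/1` and the body of `dump/1` lie outside the hunk.

```elixir
    if String.valid?(value) do
      {:ok, value}
    else
      # Ecto.Type contract: return :error for an uncastable value rather than raising
      try do
        {:ok, Plug.Crypto.non_executable_binary_to_term(value, [:safe])}
      rescue
        ArgumentError -> :error
      end
    end
```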
diff --git a/lib/pleroma/workers/mailer_worker.ex b/lib/pleroma/workers/mailer_worker.ex
index b0259b191..abc1445fb 100644
--- a/lib/pleroma/workers/mailer_worker.ex
+++ b/lib/pleroma/workers/mailer_worker.ex
@@ -9,7 +9,7 @@ defmodule Pleroma.Workers.MailerWorker do
   def perform(%Job{args: %{"op" => "email", "encoded_email" => encoded_email, "config" => config}}) do
     encoded_email
     |> Base.decode64!()
-    |> :erlang.binary_to_term()
+    |> Plug.Crypto.non_executable_binary_to_term()
     |> Pleroma.Emails.Mailer.deliver(config)
   end
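Review bot: The decode on the `non_executable_binary_to_term` line still interns arbitrary atoms from the job payload because no `[:safe]` option is passed, and a payload that fails the executable-term check raises `ArgumentError`, which Oban presumably records as a failed attempt and retries even though the same bytes will fail identically each time. Passing `[:safe]` here (`|> Plug.Crypto.non_executable_binary_to_term([:safe])`) closes the atom-creation hole, but only if every atom in the encoded email term is already interned when the job runs; on a node that loads modules lazily, a struct's module may not be loaded yet after a restart, so verify that before adopting it. If the Oban version in use supports `{:discard, reason}`, rescuing the `ArgumentError` and discarding the job would avoid the pointless retries.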