diff --git a/lib/pleroma/web/activity_pub/object_validators/update_validator.ex b/lib/pleroma/web/activity_pub/object_validators/update_validator.ex
index ad3c0e3e2..4c0d9dff7 100644
--- a/lib/pleroma/web/activity_pub/object_validators/update_validator.ex
+++ b/lib/pleroma/web/activity_pub/object_validators/update_validator.ex
@@ -105,7 +105,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateValidator do
 cng
 |> add_error(:object, "Can't be updated by this actor")
- true ->
+ _ ->
 cng
 |> add_error(:object, "Update is neither for Object or Actor")
 end
diff --git a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs
index 62c1dd830..b8af1e31b 100644
--- a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs
+++ b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs
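Review bot: The new catch-all `_ ->` clause is not exercised by any test in the visible part of this commit; the three test hunks cover signature retry and the receiver worker, not UpdateValidator. Because `_ ->` is only valid in a pattern-matching construct, the old `true ->` presumably raised on any value other than `true`, so this turns a crash into a validation error. A one-line comment above the clause, such as `# catch-all: reject anything that matched no earlier clause instead of raising`, would record that intent, and a validator test with such an input would pin it. The enclosing function starts and ends outside the hunk, so the matched expression is not visible here.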
@@ -819,6 +819,39 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
 refute Activity.get_by_ap_id(data["id"])
 end
+ test "does not delete an object after failed signature retry", %{conn: conn} do
+ alice = insert(:user, local: false, ap_id: "https://one.com/users/alice")
+ bob = insert(:user, local: false, ap_id: "https://two.com/users/bob")
+ note = insert(:note)
+ object_id = note.data["id"]
+
+ data = %{
+ "type" => "Delete",
+ "actor" => bob.ap_id,
+ "id" => "https://two.com/activities/inbox-forged-delete",
+ "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+ "cc" => [],
+ "object" => object_id
+ }
+
+ expect_signature_retry_from(alice)
+
+ conn =
+ conn
+ |> assign(:valid_signature, false)
+ |> put_req_header("content-type", "application/activity+json")
+ |> put_req_header("signature", "keyId=\"https://one.com/users/alice#main-key\"")
+ |> post("/inbox", data)
+
+ assert "ok" == json_response(conn, 200)
+
+ assert [{:cancel, :actor_signature_mismatch}] =
+ ObanHelpers.perform(all_enqueued(worker: SignatureRetryWorker))
+
+ refute Activity.get_by_ap_id(data["id"])
+ assert %Object{data: %{"type" => "Note"}} = Object.get_by_ap_id(object_id)
+ end
+
 test "does not create a forged post signed by a different actor", %{conn: conn} do
 alice = insert(:user, local: false, ap_id: "https://one.com/users/alice")
 bob = insert(:user, local: false, ap_id: "https://two.com/users/bob")
diff --git a/test/pleroma/workers/receiver_worker_test.exs b/test/pleroma/workers/receiver_worker_test.exs
index 67a3f902e..ea05f38f1 100644
--- a/test/pleroma/workers/receiver_worker_test.exs
+++ b/test/pleroma/workers/receiver_worker_test.exs
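Review bot: The last two assertions would probably hold even if the signature check regressed, because `insert(:note)` builds a note whose author is not shown to be bob, so the Delete could be rejected on ownership alone. Only the `[{:cancel, :actor_signature_mismatch}]` match pins the signature path. If the factory accepts an author, creating the note as bob's, e.g. `note = insert(:note, user: bob)`, would make the surviving `"Note"` depend on the mismatch rejection itself. A short comment above `expect_signature_retry_from(alice)` saying that the request is signed with alice's key while the payload names bob would also help the next reader.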
@@ -237,6 +237,22 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do
 refute Pleroma.Object.get_by_ap_id(object_id)
 end
+ test "fails closed for legacy retry jobs missing one metadata field" do
+ alice = insert(:user, local: false, ap_id: "https://one.com/users/alice")
+ params = insert(:note_activity).data
+
+ assert {:cancel, :missing_signature_retry_metadata} =
+ ReceiverWorker.perform(%Oban.Job{
+ args: %{
+ "op" => "incoming_ap_doc",
+ "method" => "POST",
+ "params" => params,
+ "req_headers" => signature_headers_for(alice),
+ "request_path" => "/inbox"
+ }
+ })
+ end
+
 test "fails closed for malformed legacy metadata jobs without params" do
 assert {:cancel, :missing_signature_retry_metadata} =
 ReceiverWorker.perform(%Oban.Job{
diff --git a/test/pleroma/workers/signature_retry_worker_test.exs b/test/pleroma/workers/signature_retry_worker_test.exs
index f4ec0e2e3..94dd5f6c1 100644
--- a/test/pleroma/workers/signature_retry_worker_test.exs
+++ b/test/pleroma/workers/signature_retry_worker_test.exs
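Review bot: The test name says one metadata field is missing, but nothing in the body says which one, so a reader has to compare the `args` map with the worker to find out. A comment above `args: %{` naming the omitted key, in the form `# "<omitted key>" is deliberately absent`, would make the fixture self-explanatory. As written, only this one omission is covered here; whether the worker also returns `{:cancel, :missing_signature_retry_metadata}` when each of the other required keys is dropped is not pinned by this hunk.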
@@ -399,6 +399,31 @@ defmodule Pleroma.Workers.SignatureRetryWorkerTest do
 assert_mismatched_signature_cancelled(create, alice)
 end
+ test "cancels signature actor mismatch when payload actor is embedded" do
+ alice = insert(:user, local: false, ap_id: "https://one.com/users/alice")
+ bob = insert(:user, local: false, ap_id: "https://two.com/users/bob")
+
+ create = %{
+ "type" => "Create",
+ "actor" => %{"id" => bob.ap_id},
+ "id" => "https://two.com/activities/embedded-actor-forged-create",
+ "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+ "cc" => [],
+ "object" => %{
+ "type" => "Note",
+ "id" => "https://two.com/objects/embedded-actor-forged-note",
+ "actor" => bob.ap_id,
+ "attributedTo" => bob.ap_id,
+ "content" => "forged post",
+ "published" => "2024-07-25T13:33:31Z",
+ "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+ "cc" => []
+ }
+ }
+
+ assert_mismatched_signature_cancelled(create, alice)
+ end
+
 test "logs signature actor mismatch retry rejections" do
 alice = insert(:user, local: false, ap_id: "https://one.com/users/alice")
 bob = insert(:user, local: false, ap_id: "https://two.com/users/bob")
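Review bot: This test covers `"actor"` as an embedded map, but the hunk shows no case for the other non-string shape the field can take, a list. If the worker normalises the payload actor before comparing it with the signing key's owner, a sibling test with that shape ending in the same `assert_mismatched_signature_cancelled(create, alice)` would pin the comparison for every form the normaliser accepts; such a test may already exist outside the hunk. A one-line comment above `"actor" => %{"id" => bob.ap_id},` stating that the embedded form must resolve to bob's id before the comparison would document what the test is guarding.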