diff --git a/internal/handlers/app.go b/internal/handlers/app.go
index 8a94b42..b98eedc 100644
--- a/internal/handlers/app.go
+++ b/internal/handlers/app.go
@@ -1018,7 +1018,8 @@ func parsePortValues(hostPortStr, containerPortStr string) (int, int, bool) {
 	hostPort, hostErr := strconv.Atoi(hostPortStr)
 	containerPort, containerErr := strconv.Atoi(containerPortStr)
 
-	if hostErr != nil || containerErr != nil || hostPort <= 0 || containerPort <= 0 {
+	const maxPort = 65535
+	if hostErr != nil || containerErr != nil || hostPort <= 0 || containerPort <= 0 || hostPort > maxPort || containerPort > maxPort {
 		return 0, 0, false
 	}
 
diff --git a/internal/handlers/port_validation_test.go b/internal/handlers/port_validation_test.go
new file mode 100644
index 0000000..e6d6335
--- /dev/null
+++ b/internal/handlers/port_validation_test.go
@@ -0,0 +1,35 @@
+package handlers
+
+import "testing"
+
+func TestParsePortValues(t *testing.T) {
+	tests := []struct {
+		name      string
+		host      string
+		container string
+		wantHost  int
+		wantCont  int
+		wantValid bool
+	}{
+		{"valid ports", "8080", "80", 8080, 80, true},
+		{"port 1", "1", "1", 1, 1, true},
+		{"port 65535", "65535", "65535", 65535, 65535, true},
+		{"host port above 65535", "99999", "80", 0, 0, false},
+		{"container port above 65535", "80", "99999", 0, 0, false},
+		{"both ports above 65535", "70000", "70000", 0, 0, false},
+		{"zero port", "0", "80", 0, 0, false},
+		{"negative port", "-1", "80", 0, 0, false},
+		{"non-numeric", "abc", "80", 0, 0, false},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			host, cont, valid := parsePortValues(tt.host, tt.container)
+			if host != tt.wantHost || cont != tt.wantCont || valid != tt.wantValid {
+				t.Errorf("parsePortValues(%q, %q) = (%d, %d, %v), want (%d, %d, %v)",
+					tt.host, tt.container, host, cont, valid,
+					tt.wantHost, tt.wantCont, tt.wantValid)
+			}
+		})
+	}
+}