diff --git a/app/controllers/submissions_controller.rb b/app/controllers/submissions_controller.rb
index 1ee113dfbe..9a76f9df37 100644
--- a/app/controllers/submissions_controller.rb
+++ b/app/controllers/submissions_controller.rb
@@ -108,8 +108,13 @@ def create
     para[:user_id] = current_user.id
     para[:code].gsub!(/\r\n?/, "\n")
     para[:evaluate] = true # immediately evaluate after create
+    # check if user is member of course
     course = Course.find(para[:course_id]) if para[:course_id].present?
     para.delete(:course_id) if para[:course_id].present? && course.subscribed_members.exclude?(current_user)
+    # check if series is part of course
+    series = Series.find(para[:series_id]) if para[:series_id].present? && para[:course_id].present?
+    para.delete(:series_id) if para[:series_id].present? && course.series.exclude?(series)
+
     submission = Submission.new(para)
     can_submit = true
     if submission.exercise.present?
diff --git a/app/policies/submission_policy.rb b/app/policies/submission_policy.rb
index 65e5e39d06..444cac8d21 100644
--- a/app/policies/submission_policy.rb
+++ b/app/policies/submission_policy.rb
@@ -44,7 +44,7 @@ def media?
   end
 
   def permitted_attributes
-    %i[code exercise_id course_id]
+    %i[code exercise_id course_id series_id]
   end
 
   private