diff --git a/agent/modals/service/service_add.php b/agent/modals/service/service_add.php
index 03178148..340d0c97 100644
--- a/agent/modals/service/service_add.php
+++ b/agent/modals/service/service_add.php
@@ -15,6 +15,7 @@ ob_start();
 </div>
 
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
 
     <div class="modal-body">
         <?php if ($client_id) { ?>
diff --git a/agent/modals/service/service_edit.php b/agent/modals/service/service_edit.php
index 05e1970a..597198a6 100644
--- a/agent/modals/service/service_edit.php
+++ b/agent/modals/service/service_edit.php
@@ -92,6 +92,7 @@ ob_start();
 </div>
 
 <form action="post.php" method="post" autocomplete="off">
+    <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
     <input type="hidden" name="client_id" value="<?php echo $client_id ?>">
     <input type="hidden" name="service_id" value="<?php echo $service_id ?>">
 
diff --git a/agent/post/service.php b/agent/post/service.php
index b3523286..b27ceb39 100644
--- a/agent/post/service.php
+++ b/agent/post/service.php
@@ -8,6 +8,8 @@ defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
 
 if (isset($_POST['add_service'])) {
 
+    validateCSRFToken($_POST['csrf_token']);
+
     enforceUserPermission('module_support', 2);
 
     $client_id = intval($_POST['client_id']);
@@ -84,6 +86,8 @@ if (isset($_POST['add_service'])) {
 
 if (isset($_POST['edit_service'])) {
 
+    validateCSRFToken($_POST['csrf_token']);
+
     enforceUserPermission('module_support', 2);
 
     $client_id = intval($_POST['client_id']);