diff --git a/android/guava/src/com/google/common/net/MediaType.java b/android/guava/src/com/google/common/net/MediaType.java
index 07732d9aa66f..aef655351af0 100644
--- a/android/guava/src/com/google/common/net/MediaType.java
+++ b/android/guava/src/com/google/common/net/MediaType.java
@@ -1255,7 +1255,7 @@ private static String escapeAndQuote(String value) {
 StringBuilder escaped = new StringBuilder(value.length() + 16).append('"');
 for (int i = 0; i < value.length(); i++) {
 char ch = value.charAt(i);
- if (ch == '\r' || ch == '\\' || ch == '"') {
+ if (ch == '\r' || ch == '\n' || ch == '\\' || ch == '"') {
 escaped.append('\\');
 }
 escaped.append(ch);
diff --git a/guava-tests/test/com/google/common/net/MediaTypeTest.java b/guava-tests/test/com/google/common/net/MediaTypeTest.java
index 32fec78f343f..6aab2f1dc474 100644
--- a/guava-tests/test/com/google/common/net/MediaTypeTest.java
+++ b/guava-tests/test/com/google/common/net/MediaTypeTest.java
@@ -494,4 +494,23 @@ public void testToString() {
 "text/plain; something=\"cr@zy\"; something-else=\"crazy with spaces\";"
 + " and-another-thing=\"\"; normal-thing=foo");
 }
+
+ public void testEscapeAndQuote_newlineEscaped() {
+ // Newline characters must be escaped in quoted parameter values to prevent
+ // HTTP header injection when MediaType.toString() is used in HTTP headers.
+ MediaType mediaType =
+ MediaType.create("text", "plain").withParameter("param", "value\ninjected");
+ String result = mediaType.toString();
+ // The \n must be backslash-escaped, not present as a raw 0x0A byte
+ assertThat(result).doesNotContain("\n");
+ assertThat(result).isEqualTo("text/plain; param=\"value\\\ninjected\"");
+ }
+
+ public void testEscapeAndQuote_crEscaped() {
+ // Carriage return was already escaped (pre-existing behavior)
+ MediaType mediaType =
+ MediaType.create("text", "plain").withParameter("param", "value\rinjected");
+ String result = mediaType.toString();
+ assertThat(result).doesNotContain("\r");
+ }
 }
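Review bot: The added `ch == '\n'` case still writes the raw line feed into the output: the hunk only prepends a backslash via `escaped.append('\\')` and then `escaped.append(ch)` emits the 0x0A byte unchanged, so a parameter value containing CR or LF still produces a string with a bare line terminator in it. That does not mitigate HTTP header injection — header framing splits on CR/LF before any quoted-string parsing happens, and RFC 7230's quoted-pair does not admit CR or LF in the first place — so the backslash is invisible to the layer that matters. The safer change is to reject these characters when the parameter is created rather than escape them at serialization, e.g. `checkArgument(value.indexOf('\r') < 0 && value.indexOf('\n') < 0, "parameter value must not contain CR or LF: %s", value);` in whatever method validates values on `withParameter` (presumably `normalizeParameterValue`, not visible here), plus a why-comment on this `if` stating that the backslash escaping exists for round-trip parsing, not for header safety. `escapeAndQuote` begins at the hunk header and its `return` lies past the end of the hunk.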
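Review bot: The two assertions in `testEscapeAndQuote_newlineEscaped` contradict each other: the expected literal `"text/plain; param=\"value\\\ninjected\""` contains a raw LF (Java `\n`), so `assertThat(result).doesNotContain("\n")` on the line before it cannot pass against the same `result`, and the comment `// The \n must be backslash-escaped, not present as a raw 0x0A byte` describes an outcome the code under test does not produce. The same applies to `doesNotContain("\r")` in `testEscapeAndQuote_crEscaped`, since the escaping only prefixes a backslash and the CR byte remains in the output. Either pin the actual serialization (drop the two `doesNotContain` lines and keep `isEqualTo`), or — if the intent really is "no raw CR/LF in the header", as the comment claims — have the production code reject those characters and change the test to expect an `IllegalArgumentException` from `withParameter`. As written the new tests fail rather than guard anything; the enclosing test class starts before this hunk, and the leading context lines are the tail of `testToString`.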
diff --git a/guava/src/com/google/common/net/MediaType.java b/guava/src/com/google/common/net/MediaType.java
index 07732d9aa66f..aef655351af0 100644
--- a/guava/src/com/google/common/net/MediaType.java
+++ b/guava/src/com/google/common/net/MediaType.java
@@ -1255,7 +1255,7 @@ private static String escapeAndQuote(String value) {
 StringBuilder escaped = new StringBuilder(value.length() + 16).append('"');
 for (int i = 0; i < value.length(); i++) {
 char ch = value.charAt(i);
- if (ch == '\r' || ch == '\\' || ch == '"') {
+ if (ch == '\r' || ch == '\n' || ch == '\\' || ch == '"') {
 escaped.append('\\');
 }
 escaped.append(ch);
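Review bot: Prefixing `'\n'` with a backslash does not remove it from the serialized value — `escaped.append(ch)` on the last line of the hunk still appends the raw LF, so if the result is placed in an HTTP header the line break is still there and header framing will honor it regardless of the preceding backslash (RFC 7230 quoted-pair does not cover CR or LF). If the goal is header-injection safety, CR and LF should be refused where parameter values are validated on construction, e.g. `checkArgument(value.indexOf('\r') < 0 && value.indexOf('\n') < 0, "parameter value must not contain CR or LF: %s", value);` (presumably alongside the existing ASCII check in the value-normalizing helper, which is outside this hunk), leaving `escapeAndQuote` to handle only `\\` and `"`. A one-line comment on this `if` saying the escaping is for round-trip parsing and not a header-safety measure would stop the next reader from drawing the conclusion this commit's message implies. The method's signature is only shown in the hunk header and its `return` follows after the hunk.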