diff --git a/packages/core/auth-js/src/lib/helpers.ts b/packages/core/auth-js/src/lib/helpers.ts
index 877fd152fd..e981cd9f7f 100644
--- a/packages/core/auth-js/src/lib/helpers.ts
+++ b/packages/core/auth-js/src/lib/helpers.ts
@@ -369,7 +369,7 @@ export function getAlgorithm(
 }
 }
-const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
+const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
 export function validateUUID(str: string) {
 if (!UUID_REGEX.test(str)) {
diff --git a/packages/core/auth-js/test/helpers.test.ts b/packages/core/auth-js/test/helpers.test.ts
index 37b5308082..49a59a5ef4 100644
--- a/packages/core/auth-js/test/helpers.test.ts
+++ b/packages/core/auth-js/test/helpers.test.ts
@@ -312,6 +312,16 @@ describe('validateUUID', () => {
 input: '123e4567-e89b-12d3-a456-426614174000',
 shouldThrow: false,
 },
+ {
+ name: 'should accept uppercase UUID (UUIDs are case-insensitive per RFC 9562/4122)',
+ input: '123E4567-E89B-12D3-A456-426614174000',
+ shouldThrow: false,
+ },
+ {
+ name: 'should accept mixed-case UUID',
+ input: '123e4567-E89B-12d3-A456-426614174000',
+ shouldThrow: false,
+ },
 {
 name: 'should reject invalid UUID format',
 input: 'not-a-uuid',
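Review bot: With the `i` flag on `UUID_REGEX`, `validateUUID` now lets upper- and mixed-case input through without normalising it, so one UUID can reach later code in several spellings. The body of `validateUUID` continues outside the hunk, so I cannot see whether the value is lower-cased afterwards. If any caller compares it with `===`, uses it as a map or cache key, or interpolates it into a request path, it should canonicalise once after validation with `str.toLowerCase()`. At minimum, a comment on the constant would record the contract: `// Case-insensitive on input (RFC 9562); the value is not normalised here.`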
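Review bot: The two added cases only cover accepted input, so nothing pins that the `i` flag widened the match to `A-F` and no further. A rejecting case next to them would do it, using a constructed value such as `{ name: 'should reject uppercase non-hex characters', input: '123G4567-E89B-12D3-A456-426614174000', shouldThrow: true },`. The test table starts and ends outside the hunk, so an equivalent case may already exist there.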