diff --git a/monkey/monkey_island/cc/resources/propagation_credentials.py b/monkey/monkey_island/cc/resources/propagation_credentials.py
index 97e8ecc3c..9fb59ad0e 100644
--- a/monkey/monkey_island/cc/resources/propagation_credentials.py
+++ b/monkey/monkey_island/cc/resources/propagation_credentials.py
@@ -21,8 +21,10 @@ class PropagationCredentials(AbstractResource):
             propagation_credentials = self._credentials_repository.get_configured_credentials()
         elif collection == _stolen_collection:
             propagation_credentials = self._credentials_repository.get_stolen_credentials()
-        else:
+        elif collection is None:
             propagation_credentials = self._credentials_repository.get_all_credentials()
+        else:
+            return {}, HTTPStatus.NOT_FOUND
 
         return make_response(Credentials.to_json_array(propagation_credentials), HTTPStatus.OK)
 
@@ -33,8 +35,10 @@ class PropagationCredentials(AbstractResource):
             self._credentials_repository.save_configured_credentials(credentials)
         elif collection == _stolen_collection:
             self._credentials_repository.save_stolen_credentials(credentials)
-        else:
+        elif collection is None:
             return {}, HTTPStatus.METHOD_NOT_ALLOWED
+        else:
+            return {}, HTTPStatus.NOT_FOUND
 
         return {}, HTTPStatus.NO_CONTENT
 
@@ -43,7 +47,9 @@ class PropagationCredentials(AbstractResource):
             self._credentials_repository.remove_configured_credentials()
         elif collection == _stolen_collection:
             self._credentials_repository.remove_stolen_credentials()
-        else:
+        elif collection is None:
             self._credentials_repository.remove_all_credentials()
+        else:
+            return {}, HTTPStatus.NOT_FOUND
 
         return {}, HTTPStatus.NO_CONTENT
diff --git a/monkey/tests/unit_tests/monkey_island/cc/resources/test_propagation_credentials.py b/monkey/tests/unit_tests/monkey_island/cc/resources/test_propagation_credentials.py
index f717fd032..ee78e7a72 100644
--- a/monkey/tests/unit_tests/monkey_island/cc/resources/test_propagation_credentials.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/resources/test_propagation_credentials.py
@@ -122,3 +122,22 @@ def test_stolen_propagation_credentials_endpoint_delete(flask_client, credential
 def test_propagation_credentials_endpoint__propagation_credentials_post_not_allowed(flask_client):
     resp = flask_client.post(ALL_CREDENTIALS_URL, json=[])
     assert resp.status_code == HTTPStatus.METHOD_NOT_ALLOWED
+
+
+def test_propagation_credentials_endpoint__not_found(flask_client):
+    non_existent_collection_url = urljoin(ALL_CREDENTIALS_URL, "bogus-credentials")
+
+    resp = flask_client.get(non_existent_collection_url)
+    assert resp.status_code == HTTPStatus.NOT_FOUND
+
+    resp = flask_client.post(
+        non_existent_collection_url,
+        json=[
+            Credentials.to_json(PROPAGATION_CREDENTIALS_2),
+            Credentials.to_json(PROPAGATION_CREDENTIALS_3),
+        ],
+    )
+    assert resp.status_code == HTTPStatus.NOT_FOUND
+
+    resp = flask_client.delete(non_existent_collection_url)
+    assert resp.status_code == HTTPStatus.NOT_FOUND