diff --git a/changelog.d/19240.bugfix b/changelog.d/19240.bugfix
new file mode 100644
index 0000000000..d8490bcc1f
--- /dev/null
+++ b/changelog.d/19240.bugfix
@@ -0,0 +1 @@
+Fix bug where invalid `canonical_alias` content would return 500 instead of 400.
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
index bac4bd9361..a6499de3a8 100644
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -1955,6 +1955,12 @@ class EventCreationHandler:
                 room_alias_str = event.content.get("alias", None)
                 directory_handler = self.hs.get_directory_handler()
                 if room_alias_str and room_alias_str != original_alias:
+                    if not isinstance(room_alias_str, str):
+                        raise SynapseError(
+                            400,
+                            "The alias must be of type string.",
+                            Codes.INVALID_PARAM,
+                        )
                     await self._validate_canonical_alias(
                         directory_handler, room_alias_str, event.room_id
                     )
@@ -1978,6 +1984,12 @@ class EventCreationHandler:
                 new_alt_aliases = set(alt_aliases) - set(original_alt_aliases)
                 if new_alt_aliases:
                     for alias_str in new_alt_aliases:
+                        if not isinstance(alias_str, str):
+                            raise SynapseError(
+                                400,
+                                "Each alt_alias must be of type string.",
+                                Codes.INVALID_PARAM,
+                            )
                         await self._validate_canonical_alias(
                             directory_handler, alias_str, event.room_id
                         )
diff --git a/tests/rest/client/test_rooms.py b/tests/rest/client/test_rooms.py
index 68e09afc54..926560afd6 100644
--- a/tests/rest/client/test_rooms.py
+++ b/tests/rest/client/test_rooms.py
@@ -3880,9 +3880,11 @@ class RoomCanonicalAliasTestCase(unittest.HomeserverTestCase):
         self._set_canonical_alias({"alt_aliases": False}, expected_code=400)
         self._set_canonical_alias({"alt_aliases": True}, expected_code=400)
         self._set_canonical_alias({"alt_aliases": {}}, expected_code=400)
+        self._set_canonical_alias({"alt_aliases": [0]}, expected_code=400)
 
     def test_bad_alias(self) -> None:
         """An alias which does not point to the room raises a SynapseError."""
+        self._set_canonical_alias({"alias": {"@unknown:test": "a"}}, expected_code=400)
         self._set_canonical_alias({"alias": "@unknown:test"}, expected_code=400)
         self._set_canonical_alias({"alt_aliases": ["@unknown:test"]}, expected_code=400)