diff --git a/cbor/decode.go b/cbor/decode.go
index d015fc1f..a41f54cc 100644
--- a/cbor/decode.go
+++ b/cbor/decode.go
@@ -1,4 +1,4 @@
-// Copyright 2024 Blink Labs Software
+// Copyright 2025 Blink Labs Software
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@ package cbor
 import (
 "bytes"
 "fmt"
+ "math"
 "reflect"
 "sync"
 
@@ -68,6 +69,9 @@ func DecodeIdFromList(cborData []byte) (int, error) {
 switch v := tmp.Value().([]interface{})[0].(type) {
 // The upstream CBOR library uses uint64 by default for numeric values
 case uint64:
+ if v > uint64(math.MaxInt) {
+ return 0, fmt.Errorf("decoded numeric value too large: uint64 > int")
+ }
 return int(v), nil
 default:
 return 0, fmt.Errorf("first list item was not numeric, found: %v", v)
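Review bot: The new overflow guard in the `case uint64:` branch returns an error that omits the rejected value, and its bound is `math.MaxInt`, which is 2^31-1 on 32-bit builds, so the same encoded ID can be accepted on one platform and rejected on another without that being stated anywhere. I would include the value, `return 0, fmt.Errorf("decoded numeric value too large for int: %d", v)`, and add a comment above the check such as `// int is platform-sized; reject values that would wrap when converted`. The `switch` line above it still uses the unchecked `tmp.Value().([]interface{})[0]`, which panics instead of returning an error on an empty or non-list value unless code before the hunk already rules that out; DecodeIdFromList starts and ends outside the hunk, so this should be confirmed there. A table test at `math.MaxInt` and `math.MaxInt + 1` would pin the boundary.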