diff --git a/app/api/endpoints/system.py b/app/api/endpoints/system.py
index 429fad8f..954261bd 100644
--- a/app/api/endpoints/system.py
+++ b/app/api/endpoints/system.py
@@ -50,7 +50,6 @@ def fetch_image(
 """
 处理图片缓存逻辑,支持HTTP缓存和磁盘缓存
 """
-
 if not url:
 raise HTTPException(status_code=404, detail="URL not provided")
 
@@ -68,6 +67,10 @@ def fetch_image(
 sanitized_path = SecurityUtils.sanitize_url_path(url)
 cache_path = settings.CACHE_PATH / "images" / sanitized_path
 
+ # 没有文件类型,则添加后缀,在恶意文件类型和实际需求下的折衷选择
+ if not cache_path.suffix:
+ cache_path = cache_path.with_suffix(".jpg")
+
 # 确保缓存路径和文件类型合法
 if not SecurityUtils.is_safe_path(settings.CACHE_PATH, cache_path, settings.SECURITY_IMAGE_SUFFIXES):
 raise HTTPException(status_code=400, detail="Invalid cache path or file type")
diff --git a/app/chain/recommend.py b/app/chain/recommend.py
index 321d77a6..c8d877af 100644
--- a/app/chain/recommend.py
+++ b/app/chain/recommend.py
@@ -116,6 +116,10 @@ class RecommendChain(ChainBase, metaclass=Singleton):
 sanitized_path = SecurityUtils.sanitize_url_path(url)
 cache_path = settings.CACHE_PATH / "images" / sanitized_path
 
+ # 没有文件类型,则添加后缀,在恶意文件类型和实际需求下的折衷选择
+ if not cache_path.suffix:
+ cache_path = cache_path.with_suffix(".jpg")
+
 # 确保缓存路径和文件类型合法
 if not SecurityUtils.is_safe_path(settings.CACHE_PATH, cache_path, settings.SECURITY_IMAGE_SUFFIXES):
 logger.debug(f"Invalid cache path or file type for URL: {url}, sanitized path: {sanitized_path}")
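Review bot: The `.jpg` default in the new `if not cache_path.suffix:` block of the second app/api/endpoints/system.py hunk is chosen from the URL shape alone, so the `is_safe_path` check that follows only proves the cache file name ends in an allowed extension, not that the body later stored under that name is an image; if the fetched response is written to `cache_path` (that code is outside this hunk), validate the response Content-Type or the leading magic bytes before writing, or at least serve cache hits with a fixed image content type and `X-Content-Type-Options: nosniff`, so that a non-image body cannot be reinterpreted by the browser. The same four lines are duplicated verbatim in the app/chain/recommend.py hunk; moving the suffix defaulting into one helper on `SecurityUtils` next to `sanitize_url_path` would keep the two copies (and the compromise the comment describes) from drifting apart. One edge case worth confirming: if `sanitize_url_path` can return an empty path, `cache_path` is just `settings.CACHE_PATH / "images"` and `with_suffix` turns it into `settings.CACHE_PATH / "images.jpg"`, a file beside the images directory rather than inside it, which `is_safe_path` would presumably accept; guarding with `if sanitized_path and not cache_path.suffix:` lets that case fall through to the existing rejection instead. Both enclosing functions, `fetch_image` and the RecommendChain method, start before these hunks, so the fetch and write steps could not be reviewed here.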