diff --git a/fastapi/security/oauth2.py b/fastapi/security/oauth2.py
index 42674b476c..5b5a6b03c8 100644
--- a/fastapi/security/oauth2.py
+++ b/fastapi/security/oauth2.py
@@ -536,7 +536,7 @@ class OAuth2PasswordBearer(OAuth2):
     async def __call__(self, request: Request) -> str | None:
         authorization = request.headers.get("Authorization")
         scheme, param = get_authorization_scheme_param(authorization)
-        if not authorization or scheme.lower() != "bearer":
+        if not authorization or scheme.lower() != "bearer" or not param:
             if self.auto_error:
                 raise self.make_not_authenticated_error()
             else:
@@ -642,7 +642,7 @@ class OAuth2AuthorizationCodeBearer(OAuth2):
     async def __call__(self, request: Request) -> str | None:
         authorization = request.headers.get("Authorization")
         scheme, param = get_authorization_scheme_param(authorization)
-        if not authorization or scheme.lower() != "bearer":
+        if not authorization or scheme.lower() != "bearer" or not param:
             if self.auto_error:
                 raise self.make_not_authenticated_error()
             else:
diff --git a/tests/test_security_oauth2_authorization_code_bearer.py b/tests/test_security_oauth2_authorization_code_bearer.py
index 587486c76b..a77428253d 100644
--- a/tests/test_security_oauth2_authorization_code_bearer.py
+++ b/tests/test_security_oauth2_authorization_code_bearer.py
@@ -30,6 +30,12 @@ def test_incorrect_token():
     assert response.json() == {"detail": "Not authenticated"}
 
 
+def test_empty_bearer_token():
+    response = client.get("/items", headers={"Authorization": "Bearer "})
+    assert response.status_code == 401, response.text
+    assert response.json() == {"detail": "Not authenticated"}
+
+
 def test_token():
     response = client.get("/items", headers={"Authorization": "Bearer testtoken"})
     assert response.status_code == 200, response.text
diff --git a/tests/test_security_oauth2_password_bearer_optional.py b/tests/test_security_oauth2_password_bearer_optional.py
index 263359c950..74f11e9c65 100644
--- a/tests/test_security_oauth2_password_bearer_optional.py
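Review bot: The new `or not param` guard only rejects an empty token string; if `get_authorization_scheme_param` (not shown here) splits the header on the first space without stripping, a value like `Bearer  ` with two trailing spaces presumably yields a whitespace-only `param` that is still truthy and is returned as a credential. Worth confirming the helper's behaviour and, if it does not strip, tightening the guard to `or not param.strip()` both here and in the identical hunk in `OAuth2AuthorizationCodeBearer.__call__` at line 642. A one-line comment above the condition would also make the intent explicit, e.g. `# A bare "Bearer" scheme with no token counts as missing credentials, not as an empty token`. The body of `__call__` continues past the hunk in both classes.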
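Review bot: The new `test_empty_bearer_token` sends `Bearer ` with a trailing space but not the scheme-only header `Bearer`, which presumably also produced an empty `param` before this change (the scheme still matches) and is the form a misconfigured client is more likely to send; a second request with `headers={"Authorization": "Bearer"}` and the same assertions would pin both shapes. The same gap applies to the matching test added in `tests/test_security_oauth2_password_bearer_optional.py`, where the expected outcome is 200 with `{"msg": "Create an account first"}`.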
+++ b/tests/test_security_oauth2_password_bearer_optional.py
@@ -36,6 +36,12 @@ def test_incorrect_token():
     assert response.json() == {"msg": "Create an account first"}
 
 
+def test_empty_bearer_token():
+    response = client.get("/items", headers={"Authorization": "Bearer "})
+    assert response.status_code == 200, response.text
+    assert response.json() == {"msg": "Create an account first"}
+
+
 def test_openapi_schema():
     response = client.get("/openapi.json")
     assert response.status_code == 200, response.text