diff --git a/config/version.php b/config/version.php
index 74f2d2c201ca..caa644edb2e4 100644
--- a/config/version.php
+++ b/config/version.php
@@ -1,7 +1,7 @@ '6.4.57',
- 'patchVersion' => '2022.09.23',
+ 'appVersion' => '6.4.58',
+ 'patchVersion' => '2022.09.26',
 'lib_roundcube' => '0.3.1',
 ];
diff --git a/modules/ModComments/actions/SaveAjax.php b/modules/ModComments/actions/SaveAjax.php
index 0d7c7a5ca97b..68879ab64681 100644
--- a/modules/ModComments/actions/SaveAjax.php
+++ b/modules/ModComments/actions/SaveAjax.php
@@ -5,8 +5,9 @@
 * @package Action
 *
 * @copyright YetiForce S.A.
- * @license YetiForce Public License 5.0 (licenses/LicenseEN.txt or yetiforce.com)
- * @author Mariusz Krzaczkowski
+ * @license YetiForce Public License 5.0 (licenses/LicenseEN.txt or yetiforce.com)
+ * @author Mariusz Krzaczkowski
+ * @author Radosław Skrzypczak
 */
 /**
@@ -14,6 +15,16 @@
 */
 class ModComments_SaveAjax_Action extends Vtiger_SaveAjax_Action
 {
+ /** {@inheritdoc} */
+ public function checkPermission(App\Request $request)
+ {
+ parent::checkPermission($request);
+ $parentCommentId = $request->isEmpty('parent_comments') ? 0 : $request->getInteger('parent_comments');
+ if ($parentCommentId && (!\App\Record::isExists($parentCommentId, $request->getModule()) || 'Active' !== \App\Record::getState($parentCommentId))) {
+ throw new \App\Exceptions\NoPermittedToRecord('ERR_NO_PERMISSIONS_FOR_THE_RECORD', 406);
+ }
+ }
+
 /** {@inheritdoc} */
 public function getRecordModelFromRequest(App\Request $request)
 {
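Review bot: The added `checkPermission()` in `ModComments_SaveAjax_Action` only confirms that `parent_comments` names an existing, `Active` record in the module. It does not check that the current user may read that parent comment, or that the parent is attached to the same record as the comment being saved. Unless `parent::checkPermission($request)` already enforces this (its body is not visible in the hunk), I would extend the condition with a per-record check such as `|| !\App\Privilege::isPermitted($request->getModule(), 'DetailView', $parentCommentId)` and also compare the parent's related record with the one in the request. Throwing the same `NoPermittedToRecord` for every rejected case is worth keeping, since the response then does not reveal whether the id exists. The docblock is only `{@inheritdoc}`; a line such as `Also rejects a parent comment that is missing or not Active.` would record the added rule. The class body continues past the end of the hunk.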