diff --git a/wp-admin/network/edit.php b/wp-admin/network/edit.php
index 2633811ef2..7ecbb1f41e 100644
--- a/wp-admin/network/edit.php
+++ b/wp-admin/network/edit.php
@@ -311,6 +311,7 @@ switch ( $_GET['action'] ) {
 
 	// Common
 	case 'confirm':
+		check_admin_referer( 'confirm' );
 		if ( !headers_sent() ) {
 			nocache_headers();
 			header( 'Content-Type: text/html; charset=utf-8' );