diff --git a/libp2p/peer/peerstore.py b/libp2p/peer/peerstore.py
index 2fc7b4a3d..282a5a3a9 100644
--- a/libp2p/peer/peerstore.py
+++ b/libp2p/peer/peerstore.py
@@ -337,6 +337,14 @@ def consume_peer_record(self, envelope: Envelope, ttl: int) -> bool:
 record = envelope.record()
 peer_id = record.peer_id
+ # Reject records whose signer does not match the record's peer ID.
+ try:
+ signer_peer_id = ID.from_pubkey(envelope.public_key)
+ except Exception:
+ return False
+ if signer_peer_id != peer_id:
+ return False
+
 existing = self.peer_record_map.get(peer_id)
 if existing and existing.seq > record.seq:
 return False # reject older record
diff --git a/newsfragments/1338.bugfix.rst b/newsfragments/1338.bugfix.rst
new file mode 100644
index 000000000..35f52ef91
--- /dev/null
+++ b/newsfragments/1338.bugfix.rst
@@ -0,0 +1 @@
+Fixed KadDHT peer record validation to ensure signed ``PeerRecord``s have matching signer identity and peer ID, preventing certified address book poisoning for arbitrary peer IDs.
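Review bot: The added `except Exception: return False` around `ID.from_pubkey(envelope.public_key)` and the following `if signer_peer_id != peer_id: return False` reject silently, so a record with a mismatched signer looks the same to callers and operators as the stale-sequence rejection a few lines below, and any unrelated error raised while deriving the ID is swallowed too. I would narrow the `except` to the exception types that key-to-ID derivation is expected to raise, and log each rejection with the claimed peer ID, e.g. `logger.debug("rejecting peer record for %s: signer mismatch", peer_id)` (this assumes the module has a logger, which is not visible here). The comparison is only meaningful if the envelope signature has already been verified against `envelope.public_key` before this method runs, which the hunk does not show; a comment such as `# Precondition: the envelope signature was verified by the caller.` would state that. The body of `consume_peer_record` starts and continues outside the hunk.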