diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs
index fd6921f1f4..b7b66a3596 100644
--- a/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs
+++ b/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebToken.cs
@@ -463,11 +463,10 @@ internal void ReadToken(ReadOnlyMemory encodedTokenMemory)
 // empty payload for JWE's {encrypted tokens}.
 Payload = new JsonClaimSet();
- if (Dot3 == encodedTokenSpan.Length) // TODO: Should this be encodedJsonSpan.Length - 1?
- throw LogHelper.LogExceptionMessage(new ArgumentException(LogMessages.IDX14121));
- Dot3 = Dot2 + Dot3 + 1;
-
+ if (Dot3 == encodedTokenSpan.Length - 1)
+ throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX14121));
+ Dot4 = encodedTokenSpan.Slice(Dot3 + 1).IndexOf('.');
 if (Dot4 == -1)
 throw LogHelper.LogExceptionMessage(new SecurityTokenMalformedException(LogMessages.IDX14121));
diff --git a/test/System.IdentityModel.Tokens.Jwt.Tests/JwtTestData.cs b/test/System.IdentityModel.Tokens.Jwt.Tests/JwtTestData.cs
index e0c36fceb4..9a6db857e6 100644
--- a/test/System.IdentityModel.Tokens.Jwt.Tests/JwtTestData.cs
+++ b/test/System.IdentityModel.Tokens.Jwt.Tests/JwtTestData.cs
@@ -60,6 +60,13 @@ public static TheoryData InvalidNumberOfSegmentsData(IList
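Review bot: In ReadToken (JsonWebToken.cs), the added guard `if (Dot3 == encodedTokenSpan.Length - 1)` appears to duplicate the `Dot4 == -1` check right after it: when the third dot is the last character, `encodedTokenSpan.Slice(Dot3 + 1)` is an empty span, `IndexOf('.')` returns -1, and the same `SecurityTokenMalformedException(LogMessages.IDX14121)` is thrown. Either drop the guard or keep it with a comment that records the intent, for example `// Dot3 is an absolute index here; a token ending in '.' has no fourth dot`. Both the guard and `Slice(Dot3 + 1)` are only correct if `Dot3 = Dot2 + Dot3 + 1;` still runs before them; the page shows that line next to a `-` marker, which may be a removed blank line fused with a context line, so confirm against the file that the assignment is kept. The body of ReadToken starts and ends outside this hunk.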