diff --git a/lib/Newsletter/Listing/NewsletterListingRepository.php b/lib/Newsletter/Listing/NewsletterListingRepository.php
index 4fc3af0cb2..b88d133bc9 100644
--- a/lib/Newsletter/Listing/NewsletterListingRepository.php
+++ b/lib/Newsletter/Listing/NewsletterListingRepository.php
@@ -201,9 +201,10 @@ class NewsletterListingRepository extends ListingRepository {
 }
 
 protected function applySearch(QueryBuilder $queryBuilder, string $search) {
+ $search = str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $search); // escape for 'LIKE'
 $queryBuilder
 ->andWhere('n.subject LIKE :search')
- ->setParameter('search', "%$search%"); // TODO: escape?
+ ->setParameter('search', "%$search%");
 }
 
 protected function applyFilters(QueryBuilder $queryBuilder, array $filters) {
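Review bot: The new `str_replace` in `applySearch` only neutralises `%` and `_` if the database treats backslash as the LIKE escape character, and the query itself never says so. MySQL and MariaDB default to backslash, but that default is dropped when the `NO_BACKSLASH_ESCAPES` SQL mode is enabled, in which case `\%` is read as a literal backslash followed by a live wildcard. Naming the escape character in the query removes that dependency, for example `->andWhere("n.subject LIKE :search ESCAPE '!'")` together with `str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $search)`; a non-backslash character also sidesteps quoting problems in the generated SQL. The value is still bound through `setParameter`, so this is about wildcard control in user-supplied search terms, not injection. Other `applySearch` implementations outside this hunk presumably build the same `"%$search%"` pattern, so a shared escaping helper on the parent repository would keep them consistent.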