diff --git a/healthlink-his-ui/src/permission.js b/healthlink-his-ui/src/permission.js
index 4fe6240a5..386a9f26d 100755
--- a/healthlink-his-ui/src/permission.js
+++ b/healthlink-his-ui/src/permission.js
@@ -71,6 +71,14 @@ router.beforeEach(async (to, from) => {
         return { path: '/login' }
       }
     }
+    // 铁律: 路由权限校验 — 目标路由必须在已注册的路由中存在
+    // 防止切换账户后，通过旧标签或直接输入 URL 访问无权限页面
+    const resolved = router.resolve(to)
+    if (resolved.matched.length === 0 || resolved.name === 'NotFound') {
+      // 路由不存在（未注册），拒绝导航
+      ElMessage.warning('无权访问该页面')
+      return { path: '/' }
+    }
     return true
   } else {
     if (isWhiteList(to.path)) {