diff --git a/changelog.d/19634.bugfix b/changelog.d/19634.bugfix
new file mode 100644
index 0000000000..e8fcb43570
--- /dev/null
+++ b/changelog.d/19634.bugfix
@@ -0,0 +1 @@
+Fix bug where Synapse would return 400 (`M_BAD_JSON`) when sending a message with `mentions` field and Synapse module `check_event_allowed` callback registered (frozen event). Contributed by @gaetan-sbt.
\ No newline at end of file
diff --git a/synapse/events/validator.py b/synapse/events/validator.py
index d1b5152d77..e8d6cc9710 100644
--- a/synapse/events/validator.py
+++ b/synapse/events/validator.py
@@ -22,7 +22,6 @@ import collections.abc
 from typing import cast
 
 import jsonschema
-from pydantic import Field, StrictBool, StrictStr
 
 from synapse.api.constants import (
     MAX_ALIAS_LENGTH,
@@ -40,10 +39,8 @@ from synapse.events.utils import (
     CANONICALJSON_MIN_INT,
     validate_canonicaljson,
 )
-from synapse.http.servlet import validate_json_object
 from synapse.storage.controllers.state import server_acl_evaluator_from_event
 from synapse.types import EventID, JsonDict, JsonMapping, RoomID, StrCollection, UserID
-from synapse.types.rest import RequestBodyModel
 
 
 class EventValidator:
@@ -116,29 +113,18 @@ class EventValidator:
                     cls=POWER_LEVELS_VALIDATOR,
                 )
             except jsonschema.ValidationError as e:
-                if e.path:
-                    # example: "users_default": '0' is not of type 'integer'
-                    # cast safety: path entries can be integers, if we fail to validate
-                    # items in an array. However, the POWER_LEVELS_SCHEMA doesn't expect
-                    # to see any arrays.
-                    message = (
-                        '"' + cast(str, e.path[-1]) + '": ' + e.message  # noqa: B306
-                    )
-                    # jsonschema.ValidationError.message is a valid attribute
-                else:
-                    # example: '0' is not of type 'integer'
-                    message = e.message  # noqa: B306
-                    # jsonschema.ValidationError.message is a valid attribute
-
-                raise SynapseError(
-                    code=400,
-                    msg=message,
-                    errcode=Codes.BAD_JSON,
-                )
+                raise _validation_error_to_api_error(e)
 
         # If the event contains a mentions key, validate it.
         if EventContentFields.MENTIONS in event.content:
-            validate_json_object(event.content[EventContentFields.MENTIONS], Mentions)
+            try:
+                jsonschema.validate(
+                    instance=event.content[EventContentFields.MENTIONS],
+                    schema=MENTIONS_SCHEMA,
+                    cls=MENTIONS_VALIDATOR,
+                )
+            except jsonschema.ValidationError as e:
+                raise _validation_error_to_api_error(e)
 
     def _validate_retention(self, event: EventBase) -> None:
         """Checks that an event that defines the retention policy for a room respects the
@@ -284,10 +270,16 @@ POWER_LEVELS_SCHEMA = {
     },
 }
 
-
-class Mentions(RequestBodyModel):
-    user_ids: list[StrictStr] = Field(default_factory=list)
-    room: StrictBool = False
+MENTIONS_SCHEMA = {
+    "type": "object",
+    "properties": {
+        "user_ids": {
+            "type": "array",
+            "items": {"type": "string"},
+        },
+        "room": {"type": "boolean"},
+    },
+}
 
 
 # This could return something newer than Draft 7, but that's the current "latest"
@@ -295,14 +287,45 @@ class Mentions(RequestBodyModel):
 def _create_validator(schema: JsonDict) -> type[jsonschema.Draft7Validator]:
     validator = jsonschema.validators.validator_for(schema)
 
-    # by default jsonschema does not consider a immutabledict to be an object so
-    # we need to use a custom type checker
+    # by default jsonschema does not consider a immutabledict to be an object, or
+    # a tuple to be an array (frozenutils freezes lists to tuples), so we need a
+    # custom type checker for both.
     # https://python-jsonschema.readthedocs.io/en/stable/validate/?highlight=object#validating-with-additional-types
     type_checker = validator.TYPE_CHECKER.redefine(
         "object", lambda checker, thing: isinstance(thing, collections.abc.Mapping)
+    ).redefine(
+        "array",
+        lambda checker, thing: isinstance(thing, collections.abc.Sequence),
     )
 
     return jsonschema.validators.extend(validator, type_checker=type_checker)
 
 
+def _validation_error_to_api_error(err: jsonschema.ValidationError) -> SynapseError:
+    """
+    Converts a JSONSchema `ValidationError` to a `SynapseError` that can be thrown
+    to give a Matrix API-compatible 400 Bad Request response with `M_BAD_JSON` code
+    and a descriptive error message.
+    """
+    if err.path:
+        # example: "users_default": '0' is not of type 'integer'
+        # cast safety: path entries can be integers, if we fail to validate
+        # items in an array. However, the POWER_LEVELS_SCHEMA doesn't expect
+        # to see any arrays.
+        message = '"' + cast(str, err.path[-1]) + '": ' + err.message
+        # jsonschema.ValidationError.message is a valid attribute
+    else:
+        # example: '0' is not of type 'integer'
+        message = err.message
+        # jsonschema.ValidationError.message is a valid attribute
+
+    return SynapseError(
+        code=400,
+        msg=message,
+        errcode=Codes.BAD_JSON,
+    )
+
+
 POWER_LEVELS_VALIDATOR = _create_validator(POWER_LEVELS_SCHEMA)
+
+MENTIONS_VALIDATOR = _create_validator(MENTIONS_SCHEMA)
diff --git a/tests/events/test_validator.py b/tests/events/test_validator.py
new file mode 100644
index 0000000000..3810fdb3da
--- /dev/null
+++ b/tests/events/test_validator.py
@@ -0,0 +1,50 @@
+#
+# This file is licensed under the Affero General Public License (AGPL) version 3.
+#
+# Copyright (C) 2026 Element Creations Ltd
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# See the GNU Affero General Public License for more details:
+# <https://www.gnu.org/licenses/agpl-3.0.html>.
+#
+from synapse.api.room_versions import RoomVersions
+from synapse.events import make_event_from_dict
+from synapse.events.validator import EventValidator
+
+from tests.unittest import HomeserverTestCase
+
+
+class EventValidatorTestCase(HomeserverTestCase):
+    def test_validate_new_with_mentions_succeeds_even_when_frozen(self) -> None:
+        """
+        Test that `EventValidator.validate_new` accepts an event with valid `m.mentions`
+        content even when the event is frozen.
+        """
+        event = make_event_from_dict(
+            {
+                "room_id": "!room:test",
+                "type": "m.room.message",
+                "sender": "@alice:example.com",
+                "content": {
+                    "msgtype": "m.text",
+                    "body": "@alice:example.com hello",
+                    "m.mentions": {"user_ids": ["@alice:example.com"]},
+                },
+                "auth_events": [],
+                "prev_events": [],
+                "hashes": {"sha256": "aGVsbG8="},
+                "signatures": {},
+                "depth": 1,
+                "origin_server_ts": 1000,
+            },
+            room_version=RoomVersions.V9,
+        )
+        # Sanity check that the event is valid before freezing
+        EventValidator().validate_new(event, self.hs.config)
+        event.freeze()
+        # Event should still be valid after freezing
+        EventValidator().validate_new(event, self.hs.config)