diff --git a/.changeset/four-drinks-wonder.md b/.changeset/four-drinks-wonder.md
new file mode 100644
index 0000000..0f18063
--- /dev/null
+++ b/.changeset/four-drinks-wonder.md
@@ -0,0 +1,5 @@
+---
+"@openproject/helm-charts": minor
+---
+
+Ensure we set sticky bit on mounted tmp folders
diff --git a/charts/openproject/templates/_helpers.tpl b/charts/openproject/templates/_helpers.tpl
index f6ef90d..faff294 100644
--- a/charts/openproject/templates/_helpers.tpl
+++ b/charts/openproject/templates/_helpers.tpl
@@ -135,6 +135,19 @@ securityContext:
 {{- end }}
 {{- end -}}
 
+{{- define "openproject.tmpVolumeInitContainer" -}}
+{{- if eq (include "openproject.useTmpVolumes" .) "true" }}
+- name: fix-tmp-perms
+  image: busybox
+  command: ["sh", "-c", "chmod 1777 /tmp && chmod 1777 /app/tmp"]
+  volumeMounts:
+  {{- include "openproject.tmpVolumeMounts" . | indent 4 }}
+  securityContext:
+    runAsNonRoot: false
+    readOnlyRootFilesystem: false
+{{- end }}
+{{- end -}}
+
 {{- define "openproject.envFrom" -}}
 - secretRef:
     name: {{ include "common.names.fullname" . }}-core
diff --git a/charts/openproject/templates/seeder-job.yaml b/charts/openproject/templates/seeder-job.yaml
index 5de3b3d..026c0c5 100644
--- a/charts/openproject/templates/seeder-job.yaml
+++ b/charts/openproject/templates/seeder-job.yaml
@@ -41,6 +41,7 @@ spec:
       {{- end }}
       {{- include "openproject.extraVolumes" . | indent 8 }}
       initContainers:
+      {{- include "openproject.tmpVolumeInitContainer" . | indent 8 }}
        - name: check-db-ready
          image: "{{ .Values.dbInit.image.registry }}/{{ .Values.dbInit.image.repository }}:{{ .Values.dbInit.image.tag }}"
          imagePullPolicy: {{ .Values.dbInit.image.imagePullPolicy }}
diff --git a/charts/openproject/templates/web-deployment.yaml b/charts/openproject/templates/web-deployment.yaml
index 78d5ed0..72c8c66 100644
--- a/charts/openproject/templates/web-deployment.yaml
+++ b/charts/openproject/templates/web-deployment.yaml
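Review bot: The new `fix-tmp-perms` init container in `openproject.tmpVolumeInitContainer` pulls an unpinned, non-configurable `image: busybox`, which resolves to a mutable `latest` tag on the default registry; every other image in this chart is values-driven (for example `.Values.dbInit.image.registry/repository/tag` in the seeder-job hunk), so this both breaks private-registry and air-gapped installs and makes the pull unreproducible. Its securityContext only switches off `runAsNonRoot` and `readOnlyRootFilesystem`: it does not set `runAsUser: 0`, so if the pod-level securityContext sets a non-root `runAsUser` (not visible in this diff) the container would inherit it and the chmod could fail with EPERM, and it does not set `allowPrivilegeEscalation: false` or drop capabilities, which a chmod on root-owned emptyDirs does not need; `readOnlyRootFilesystem: false` also appears unnecessary, since chmod writes only to the mounted volumes, not the container root filesystem. The `/tmp` and `/app/tmp` paths in the command are hard-coded separately from `openproject.tmpVolumeMounts` (defined outside this diff), so a later change to the mount paths would silently leave the wrong directories with the sticky bit; a comment such as `# must match the mountPath entries rendered by openproject.tmpVolumeMounts` above the command would record that coupling. The rewrite below keeps the behaviour and makes the image and the privileges explicit; the values key is a constructed placeholder to be added to values.yaml.

```yaml
- name: fix-tmp-perms
  # PLACEHOLDER values key (constructed): pin to a tag or digest in values.yaml so the
  # image is reproducible and can be redirected to a private registry like dbInit.image.
  image: "{{ .Values.tmpVolumeInitContainer.image.registry }}/{{ .Values.tmpVolumeInitContainer.image.repository }}:{{ .Values.tmpVolumeInitContainer.image.tag }}"
  # Paths must match the mountPath entries rendered by openproject.tmpVolumeMounts.
  command: ["sh", "-c", "chmod 1777 /tmp && chmod 1777 /app/tmp"]
  # … unchanged: volumeMounts …
  securityContext:
    # chmod needs ownership of the target directories, so run explicitly as root
    # rather than inheriting whatever runAsUser the pod spec sets.
    runAsNonRoot: false
    runAsUser: 0
    # chmod writes only to the mounted volumes, not the container root filesystem.
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    # Owner-initiated chmod needs no capability; keep CAP_FOWNER only if these tmp
    # volumes can be backed by storage that is not root-owned — verify against the chart.
    capabilities:
      drop: ["ALL"]
```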
@@ -54,6 +54,7 @@ spec:
       {{- end }}
       {{- include "openproject.extraVolumes" . | indent 8 }}
       initContainers:
+      {{- include "openproject.tmpVolumeInitContainer" . | indent 8 }}
        - name: wait-for-db
          {{- include "openproject.containerSecurityContext" . | indent 10 }}
          image: {{ include "openproject.image" . }}
diff --git a/charts/openproject/templates/worker-deployment.yaml b/charts/openproject/templates/worker-deployment.yaml
index bc32c9d..9daa50e 100644
--- a/charts/openproject/templates/worker-deployment.yaml
+++ b/charts/openproject/templates/worker-deployment.yaml
@@ -56,6 +56,7 @@ spec:
       {{- end }}
       {{- include "openproject.extraVolumes" . | indent 8 }}
       initContainers:
+      {{- include "openproject.tmpVolumeInitContainer" . | indent 8 }}
        - name: wait-for-db
          {{- include "openproject.containerSecurityContext" . | indent 10 }}
          image: {{ include "openproject.image" . }}