diff --git a/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php b/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
index dd74d87b2e..1c7a1edfaa 100644
--- a/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
+++ b/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
@@ -63,8 +63,8 @@ class CsrfValidationListener implements EventSubscriberInterface
         $form = $event->getForm();
         $data = $event->getData();
 
-        if ($form->isRoot() && $form->hasChildren() && isset($data[$this->fieldName])) {
-            if (!$this->csrfProvider->isCsrfTokenValid($this->intention, $data[$this->fieldName])) {
+        if ($form->isRoot() && $form->hasChildren()) {
+            if (!isset($data[$this->fieldName]) || !$this->csrfProvider->isCsrfTokenValid($this->intention, $data[$this->fieldName])) {
                 $form->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form'));
             }
 
diff --git a/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php b/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
index 4424f81e14..0d269d0267 100644
--- a/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
+++ b/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
@@ -171,6 +171,32 @@ class FormTypeCsrfExtensionTest extends TypeTestCase
         $this->assertSame($valid, $form->isValid());
     }
 
+    public function testFailIfRootAndChildrenAndTokenMissing()
+    {
+        $this->csrfProvider->expects($this->never())
+            ->method('isCsrfTokenValid');
+
+        $form = $this->factory
+            ->createBuilder('form', null, array(
+                'csrf_field_name' => 'csrf',
+                'csrf_provider' => $this->csrfProvider,
+                'intention' => '%INTENTION%'
+            ))
+            ->add($this->factory->createNamedBuilder('form', 'child'))
+            ->getForm();
+
+        $form->bind(array(
+            'child' => 'foobar',
+            // token is missing
+        ));
+
+        // Remove token from data
+        $this->assertSame(array('child' => 'foobar'), $form->getData());
+
+        // Validate accordingly
+        $this->assertFalse($form->isValid());
+    }
+
     public function testDontValidateTokenIfChildrenButNoRoot()
     {
         $this->csrfProvider->expects($this->never())