diff --git a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DeploymentExecutor.java b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DeploymentExecutor.java
index a890d4a8..7208f3f0 100644
--- a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DeploymentExecutor.java
+++ b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DeploymentExecutor.java
@@ -64,6 +64,9 @@ public class DeploymentExecutor {
     @Value("${cameleer.runtime.jar-storage-path:/data/jars}")
     private String jarStoragePath;
 
+    @Value("${cameleer.tenant.id:default}")
+    private String tenantId;
+
     public DeploymentExecutor(RuntimeOrchestrator orchestrator,
                               DeploymentService deploymentService,
                               AppService appService,
@@ -116,8 +119,8 @@ public class DeploymentExecutor {
                 // Traefik network for routing (apps need to be reachable by Traefik)
                 networkManager.ensureNetwork(DockerNetworkManager.TRAEFIK_NETWORK);
                 additionalNets.add(DockerNetworkManager.TRAEFIK_NETWORK);
-                // Per-environment network for intra-environment service discovery
-                envNet = DockerNetworkManager.envNetworkName(env.slug());
+                // Per-environment network scoped to tenant to prevent cross-tenant collisions
+                envNet = DockerNetworkManager.envNetworkName(tenantId, env.slug());
                 networkManager.ensureNetwork(envNet);
                 additionalNets.add(envNet);
             }
diff --git a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DockerNetworkManager.java b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DockerNetworkManager.java
index 40ae28d8..6647f63c 100644
--- a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DockerNetworkManager.java
+++ b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DockerNetworkManager.java
@@ -59,4 +59,9 @@ public class DockerNetworkManager {
     public static String envNetworkName(String envSlug) {
         return ENV_NETWORK_PREFIX + envSlug;
     }
+
+    /** Tenant-scoped environment network name to prevent cross-tenant collisions. */
+    public static String envNetworkName(String tenantId, String envSlug) {
+        return ENV_NETWORK_PREFIX + tenantId + "-" + envSlug;
+    }
 }