diff --git a/src/wallet/rpc/wallet.cpp b/src/wallet/rpc/wallet.cpp
index 9a3cc0c288e8..668cc662f435 100644
--- a/src/wallet/rpc/wallet.cpp
+++ b/src/wallet/rpc/wallet.cpp
@@ -379,9 +379,7 @@ static RPCHelpMan upgradetohd()
             throw JSONRPCError(RPC_WALLET_UNLOCK_NEEDED, "Error: Wallet encrypted but passphrase not supplied to RPC.");
         }
     } else {
-        // TODO: get rid of this .c_str() by implementing SecureString::operator=(std::string)
-        // Alternately, find a way to make request.params[0] mlock()'d to begin with.
-        secureWalletPassphrase = request.params[2].get_str().c_str();
+        secureWalletPassphrase = std::string_view{request.params[2].get_str()};
     }
 
     SecureString secureMnemonic;
diff --git a/test/functional/wallet_upgradetohd.py b/test/functional/wallet_upgradetohd.py
index aa770716cff1..dc3f414c3cfa 100755
--- a/test/functional/wallet_upgradetohd.py
+++ b/test/functional/wallet_upgradetohd.py
@@ -175,7 +175,8 @@ def run_test(self):
         self.recover_non_hd()
 
         self.log.info("Same mnemonic, same mnemonic passphrase, encrypt wallet on upgrade, should recover all coins after rescan")
-        walletpass = "111pass222"
+        # Null characters are allowed in wallet passphrases now
+        walletpass = "111\0pass222"
         assert node.upgradetohd(mnemonic, "", walletpass)
         node.stop()
         node.wait_until_stopped()