diff --git a/cmd/neofs-cli/internal/client/client.go b/cmd/neofs-cli/internal/client/client.go
index 5178d968c..c94856376 100644
--- a/cmd/neofs-cli/internal/client/client.go
+++ b/cmd/neofs-cli/internal/client/client.go
@@ -131,6 +131,21 @@ func GetContainer(prm GetContainerPrm) (res GetContainerRes, err error) {
 return
 }
 
+// IsACLExtendable checks if ACL of the container referenced by the given identifier
+// can be extended. Client connection MUST BE correctly established in advance.
+func IsACLExtendable(c *client.Client, cnr cid.ID) (bool, error) {
+ var prm GetContainerPrm
+ prm.SetClient(c)
+ prm.SetContainer(cnr)
+
+ res, err := GetContainer(prm)
+ if err != nil {
+ return false, fmt.Errorf("get container from the NeoFS: %w", err)
+ }
+
+ return res.Container().BasicACL().Extendable(), nil
+}
+
 // DeleteContainerPrm groups parameters of DeleteContainerPrm operation.
 type DeleteContainerPrm struct {
 commonPrm
diff --git a/cmd/neofs-cli/modules/container/set_eacl.go b/cmd/neofs-cli/modules/container/set_eacl.go
index 4bb82b9cf..22fc7ec57 100644
--- a/cmd/neofs-cli/modules/container/set_eacl.go
+++ b/cmd/neofs-cli/modules/container/set_eacl.go
@@ -2,6 +2,7 @@ package container
 
 import (
 "bytes"
+ "errors"
 "time"
 
 internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
@@ -14,6 +15,10 @@ import (
 
 var eaclPathFrom string
 
+var flagVarsSetEACL struct {
+ preCheck bool
+}
+
 var setExtendedACLCmd = &cobra.Command{
 Use: "set-eacl",
 Short: "Set new extended ACL table for container",
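Review bot: The doc comment on `IsACLExtendable` does not say that the result is only a client-side reading of the container returned by the connected node, so a caller could mistake it for an access decision. I would add a line such as `// The result is informational: it reflects the basic ACL of the container as returned by the queried node and does not authorize any operation.` The comment also leaves unstated that `c` is not checked for nil here and is handed straight to `GetContainer` through `prm.SetClient(c)`; whether that is handled further down is not visible in this hunk.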
@@ -36,6 +41,19 @@ Container ID in EACL table will be substituted with ID from the CLI.`,
 pk := key.GetOrGenerate(cmd)
 cli := internalclient.GetSDKClientByFlag(cmd, pk, commonflags.RPC)
 
+ if flagVarsSetEACL.preCheck {
+ cmd.Println("Checking the ability to modify access rights in the container...")
+
+ extendable, err := internalclient.IsACLExtendable(cli, id)
+ common.ExitOnErr(cmd, "Extensibility check failure: %w", err)
+
+ if !extendable {
+ common.ExitOnErr(cmd, "", errors.New("container ACL is immutable"))
+ }
+
+ cmd.Println("ACL extension is enabled in the container, continue processing.")
+ }
+
 var setEACLPrm internalclient.SetEACLPrm
 setEACLPrm.SetClient(cli)
 setEACLPrm.SetTable(*eaclTable)
@@ -88,4 +106,5 @@ func initContainerSetEACLCmd() {
 flags.StringVar(&containerID, "cid", "", "container ID")
 flags.StringVar(&eaclPathFrom, "table", "", "path to file with JSON or binary encoded EACL table")
 flags.BoolVar(&containerAwait, "await", false, "block execution until EACL is persisted")
+ flags.BoolVar(&flagVarsSetEACL.preCheck, "precheck", false, "pre-check the extensibility of the container ACL")
 }
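Review bot: The extensibility check in the `if flagVarsSetEACL.preCheck` branch is opt-in and purely client-side, so without `--precheck` the command still submits the eACL for a container whose basic ACL is not extendable, and combined with `--await` it would presumably wait for a table that never gets persisted. Consider running the check whenever `containerAwait` is set, e.g. `if flagVarsSetEACL.preCheck || containerAwait {`, or at least state in the `precheck` help string (last hunk) that it costs one extra container read and is off by default. A short comment above the branch, such as `// Advisory fail-fast check only; it does not replace validation of the eACL on the receiving side.`, would keep readers from treating it as the enforcement point. The enclosing Run function starts and ends outside this hunk.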