diff --git a/app/core/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertMarkdownToPdf.java b/app/core/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertMarkdownToPdf.java
index fcaebb79d..f96e17f95 100644
--- a/app/core/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertMarkdownToPdf.java
+++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertMarkdownToPdf.java
@@ -83,7 +83,13 @@ public class ConvertMarkdownToPdf {
 java.util.zip.ZipEntry entry;
 while ((entry = zipIn.getNextEntry()) != null) {
 if (!entry.isDirectory()) {
- java.nio.file.Path filePath = tempDirPath.resolve(entry.getName());
+ java.nio.file.Path filePath =
+ tempDirPath.resolve(entry.getName()).normalize();
+ if (!filePath.startsWith(tempDirPath)) {
+ throw new java.io.IOException(
+ "ZIP entry is outside of target directory: "
+ + entry.getName());
+ }
 java.nio.file.Files.createDirectories(filePath.getParent());
 java.nio.file.Files.copy(zipIn, filePath);
 }
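Review bot: The extraction at `java.nio.file.Files.copy(zipIn, filePath)` is still unbounded, so the new containment check keeps entries inside `tempDirPath` but an uploaded archive can still expand until the temp volume is full. I would replace that call with a bounded copy that counts bytes across all entries and throws `java.io.IOException` once a limit is exceeded. In the sketch below `totalBytes` and `MAX_EXTRACTED_BYTES` are placeholder names, and the counter has to be declared before the `while` loop, whose enclosing method starts and ends outside this hunk. Separately, `filePath.startsWith(tempDirPath)` compares cleanly only if `tempDirPath` is itself absolute and normalized; its definition is not visible here, so confirm that where it is created.

```java
// … unchanged: resolve/normalize and the startsWith containment check …
java.nio.file.Files.createDirectories(filePath.getParent());
// CREATE_NEW keeps Files.copy's behaviour of failing on an existing file.
try (java.io.OutputStream out =
        java.nio.file.Files.newOutputStream(
                filePath, java.nio.file.StandardOpenOption.CREATE_NEW)) {
    byte[] buffer = new byte[8192];
    int read;
    while ((read = zipIn.read(buffer)) != -1) {
        totalBytes += read; // placeholder counter, declared before the entry loop
        if (totalBytes > MAX_EXTRACTED_BYTES) { // placeholder limit
            throw new java.io.IOException(
                    "ZIP archive expands beyond the allowed size");
        }
        out.write(buffer, 0, read);
    }
}
```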