diff --git a/src/main/java/stirling/software/SPDF/utils/FileToPdf.java b/src/main/java/stirling/software/SPDF/utils/FileToPdf.java
index d18277df..3dabef54 100644
--- a/src/main/java/stirling/software/SPDF/utils/FileToPdf.java
+++ b/src/main/java/stirling/software/SPDF/utils/FileToPdf.java
@@ -105,7 +105,7 @@ public class FileToPdf {
 new ByteArrayInputStream(Files.readAllBytes(zipFilePath)))) {
 ZipEntry entry = zipIn.getNextEntry();
 while (entry != null) {
- Path filePath = tempUnzippedDir.resolve(entry.getName());
+ Path filePath = tempUnzippedDir.resolve(sanitizeZipFilename(entry.getName()));
 if (!entry.isDirectory()) {
 Files.createDirectories(filePath.getParent());
 if (entry.getName().toLowerCase().endsWith(".html")
@@ -175,7 +175,7 @@ public class FileToPdf {
 ZipSecurity.createHardenedInputStream(new ByteArrayInputStream(fileBytes))) {
 ZipEntry entry = zipIn.getNextEntry();
 while (entry != null) {
- Path filePath = tempDirectory.resolve(entry.getName());
+ Path filePath = tempDirectory.resolve(sanitizeZipFilename(entry.getName()));
 if (entry.isDirectory()) {
 Files.createDirectories(filePath); // Explicitly create the directory structure
 } else {
@@ -241,4 +241,14 @@ public class FileToPdf {
 Files.deleteIfExists(tempOutputFile);
 }
 }
+
+ static String sanitizeZipFilename(String entryName) {
+ if (entryName == null || entryName.trim().isEmpty()) {
+ return entryName;
+ }
+ while (entryName.contains("../") || entryName.contains("..\\")) {
+ entryName = entryName.replace("../", "").replace("..\\", "");
+ }
+ return entryName;
+ }
 }
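Review bot: sanitizeZipFilename in the third hunk only deletes the substrings "../" and "..\\", which is a rewrite-based blacklist rather than a containment check: an absolute entry name (leading "/" or a drive letter) passes through untouched and `tempDirectory.resolve(...)` then returns that absolute path, and deleting a substring can leave behind a separator-leading or ".."-only result, so the two callers in the first and second hunks still have no guarantee that filePath stays under the target directory. The usual defence is to reject rather than repair — normalize the separators, refuse absolute names and any remaining ".." component, and have each caller additionally assert `filePath.normalize().startsWith(tempDirectory)` (and `tempUnzippedDir` in the first hunk) before creating anything. Rejecting means the method throws, so the callers, whose bodies continue outside the hunks, need to catch and skip or abort the extraction; a one-line Javadoc stating that the method throws IllegalArgumentException on escaping entries should accompany it.

```java
    static String sanitizeZipFilename(String entryName) {
        if (entryName == null || entryName.trim().isEmpty()) {
            return entryName;
        }
        // Reject instead of rewriting: a stripped name can still resolve outside the target.
        String normalized = entryName.replace('\\', '/');
        if (normalized.startsWith("/") || normalized.matches("^[A-Za-z]:.*")) {
            throw new IllegalArgumentException("Absolute zip entry name: " + entryName);
        }
        for (String part : normalized.split("/")) {
            if ("..".equals(part)) {
                throw new IllegalArgumentException("Zip entry escapes target directory: " + entryName);
            }
        }
        return normalized;
    }
```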