diff --git a/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java b/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java
index bdf27c519..a784b0f39 100644
--- a/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java
+++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java
@@ -42,6 +42,7 @@ import stirling.software.common.service.CustomPDFDocumentFactory;
 import stirling.software.common.util.TempFile;
 import stirling.software.common.util.TempFileManager;
 import stirling.software.common.util.WebResponseUtils;
+import java.lang.IllegalArgumentException;
 
 @RestController
 @RequestMapping("/api/v1/misc")
@@ -62,9 +63,18 @@ public class StampController {
     public ResponseEntity<byte[]> addStamp(@ModelAttribute AddStampRequest request)
             throws IOException, Exception {
         MultipartFile pdfFile = request.getFileInput();
+        String pdfFileName = pdfFile.getOriginalFilename();
+        if (pdfFileName.contains("..") || pdfFileName.startsWith("/")) {
+            throw new IllegalArgumentException("Invalid PDF file path");
+        }
+        
         String stampType = request.getStampType();
         String stampText = request.getStampText();
         MultipartFile stampImage = request.getStampImage();
+        String stampImageName = stampImage.getOriginalFilename();
+        if (stampImageName.contains("..") || stampImageName.startsWith("/")) {
+            throw new IllegalArgumentException("Invalid stamp image file path");
+        }
         String alphabet = request.getAlphabet();
         float fontSize = request.getFontSize();
         float rotation = request.getRotation();