diff --git a/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/CreatedPackageSchemaRepository.cs b/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/CreatedPackageSchemaRepository.cs
index 61f0fe126d..8152eb70e9 100644
--- a/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/CreatedPackageSchemaRepository.cs
+++ b/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/CreatedPackageSchemaRepository.cs
@@ -311,7 +311,12 @@ public class CreatedPackageSchemaRepository : ICreatedPackagesRepository
 definition.Name.Replace(' ', '_')));
 Directory.CreateDirectory(directoryName);
+ var expectedRoot = _hostingEnvironment.MapPathContentRoot(_createdPackagesFolderPath);
 var finalPackagePath = Path.Combine(directoryName, fileName);
+ if (finalPackagePath.StartsWith(expectedRoot) == false)
+ {
+ throw new IOException("Invalid path due to the package name");
+ }
 // Clean existing files
 foreach (var packagePath in new[] { definition.PackagePath, finalPackagePath })
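Review bot: The containment check on `finalPackagePath` compares un-normalised strings, so it can pass for a path that resolves outside the created-packages folder: `Path.Combine` keeps any relative segments as-is, and a bare prefix match also accepts a sibling directory whose name merely begins with the root's name. Both sides should go through `Path.GetFullPath`, the root should end with a directory separator before the comparison, and `StartsWith` should take an explicit `StringComparison`, since the single-argument overload is culture-sensitive. `Directory.CreateDirectory(directoryName)` also still runs before the check, so the directory is created even when the exception is thrown; it belongs after the guard. The `directoryName` assignment starts above the hunk, so whether `MapPathContentRoot` already normalises its result is not visible here, and the `foreach` continues below it.

```csharp
// … unchanged: directoryName assignment (starts above the hunk) …
var expectedRoot = Path.TrimEndingDirectorySeparator(
    Path.GetFullPath(_hostingEnvironment.MapPathContentRoot(_createdPackagesFolderPath)))
    + Path.DirectorySeparatorChar;
var finalPackagePath = Path.GetFullPath(Path.Combine(directoryName, fileName));
if (finalPackagePath.StartsWith(expectedRoot, StringComparison.Ordinal) == false)
{
    throw new IOException("Invalid path due to the package name");
}

// Create the directory only once the target is known to sit inside the root.
Directory.CreateDirectory(directoryName);
// … unchanged: "Clean existing files" loop …
```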