diff --git a/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/CreatedPackageSchemaRepository.cs b/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/CreatedPackageSchemaRepository.cs index 61f0fe126d..6fcb0c9e66 100644 --- a/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/CreatedPackageSchemaRepository.cs +++ b/src/Umbraco.Infrastructure/Persistence/Repositories/Implement/CreatedPackageSchemaRepository.cs @@ -309,9 +309,16 @@ public class CreatedPackageSchemaRepository : ICreatedPackagesRepository _hostingEnvironment.MapPathContentRoot(Path.Combine( _createdPackagesFolderPath, definition.Name.Replace(' ', '_'))); + + var expectedRoot = Path.GetFullPath(_hostingEnvironment.MapPathContentRoot(_createdPackagesFolderPath)); + var finalPackagePath = Path.GetFullPath(Path.Combine(directoryName, fileName)); + if (finalPackagePath.StartsWith(expectedRoot) == false) + { + throw new IOException("Invalid path due to the package name"); + } + Directory.CreateDirectory(directoryName); - var finalPackagePath = Path.Combine(directoryName, fileName); // Clean existing files foreach (var packagePath in new[] { definition.PackagePath, finalPackagePath })
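Review bot: The containment test `finalPackagePath.StartsWith(expectedRoot)` is a raw string-prefix match, so unless `expectedRoot` happens to end in a directory separator it also accepts a path in a sibling directory whose name merely begins with the created-packages folder name. The single-argument `StartsWith` overload also compares culture-sensitively. Compare against the root with a trailing separator and an ordinal comparison, e.g. `var rootPrefix = Path.TrimEndingDirectorySeparator(expectedRoot) + Path.DirectorySeparatorChar;` followed by `if (finalPackagePath.StartsWith(rootPrefix, StringComparison.Ordinal) == false)`. Only spaces are replaced in `definition.Name` before it reaches `Path.Combine`, so in the visible lines this check is the only guard ahead of `Directory.CreateDirectory`; a one-line comment such as `// Reject package names that resolve outside the created-packages root before touching the file system` would help keep it there. The enclosing method starts and ends outside the hunk, so the origin of `fileName` cannot be checked from here.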