diff --git a/core/src/main/java/com/sk89q/worldedit/command/SchematicCommands.java b/core/src/main/java/com/sk89q/worldedit/command/SchematicCommands.java
index 6dc64dda..70f0dfcf 100644
--- a/core/src/main/java/com/sk89q/worldedit/command/SchematicCommands.java
+++ b/core/src/main/java/com/sk89q/worldedit/command/SchematicCommands.java
@@ -613,6 +613,11 @@ public class SchematicCommands extends MethodCommands {
                         color = "&a";
                         if (name.indexOf('.') != -1) name = name.substring(0, name.lastIndexOf('.'));
                     }
+                    try {
+                        if (!MainUtil.isInSubDirectory(dir, file)) {
+                            throw new RuntimeException(new CommandException("Invalid path"));
+                        }
+                    } catch (IOException ignore) {}
                 } else if (uriStr.startsWith("http://") || uriStr.startsWith("https://")) {
                     // url
                     color = "&9";