diff --git a/common/src/services/api.service.ts b/common/src/services/api.service.ts
index b7fff0ce8e..df33c1792f 100644
--- a/common/src/services/api.service.ts
+++ b/common/src/services/api.service.ts
@@ -1616,6 +1616,9 @@ export class ApiService implements ApiServiceAbstraction {
 headers.set('User-Agent', this.customUserAgent);
 }
 
+ // Clean path from directory traversal
+ path = path.split('../').join('');
+
 const requestInit: RequestInit = {
 cache: 'no-store',
 credentials: this.getCredentials(),
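Review bot: The added `path = path.split('../').join('');` strips the literal sequence in one pass only, so it is not a complete traversal defence. Input whose remaining characters close up into a new `../` after removal (CWE-182) still yields a parent-directory segment, and so does a percent-encoded or backslash form, or a trailing `..`. Silently rewriting the path also sends the request to a different endpoint than the caller built, which hides the faulty call site. Rejecting is safer, for example `if (/(^|[\\/])\.\.([\\/]|$)/.test(path)) { throw new Error('Invalid request path'); }`, combined with `encodeURIComponent` on each identifier where callers interpolate it into `path`. Those call sites and the rest of the method are outside this hunk, so which of them pass user-controlled values needs checking there.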