diff --git a/src/platform/workflow/templates/repositories/workflowTemplatesStore.ts b/src/platform/workflow/templates/repositories/workflowTemplatesStore.ts
index 0c0e087be..4c20a5113 100644
--- a/src/platform/workflow/templates/repositories/workflowTemplatesStore.ts
+++ b/src/platform/workflow/templates/repositories/workflowTemplatesStore.ts
@@ -515,7 +515,15 @@ export const useWorkflowTemplatesStore = defineStore(
 
     function getLogoUrl(provider: string): string {
       const logoPath = logoIndex.value[provider]
-      if (!logoPath) return ''
+      if (
+        !logoPath ||
+        logoPath.includes('..') ||
+        logoPath.startsWith('/') ||
+        !logoPath.startsWith('logo/') ||
+        !/\.(png|svg|jpg|jpeg)$/i.test(logoPath)
+      ) {
+        return ''
+      }
       return api.fileURL(`/templates/${logoPath}`)
     }