diff --git a/ts/windows/main/attachments.ts b/ts/windows/main/attachments.ts
index 69c1c864a5..5c2446ac83 100644
--- a/ts/windows/main/attachments.ts
+++ b/ts/windows/main/attachments.ts
@@ -267,7 +267,11 @@ export const saveAttachmentToDisk = async ({
 }
 filePath = dialogFilePath;
 } else {
- filePath = join(baseDir, name);
+ filePath = join(baseDir, basename(name));
+
+ if (!isPathInside(filePath, baseDir)) {
+ throw new Error('Invalid attachment path');
+ }
 }
 
 await writeWithAttributes(filePath, data);
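Review bot: The `isPathInside` guard added after `basename(name)` carries no comment saying what it still catches, so a later reader may take it for dead code; once directory components are stripped it can only fire when the result is `..`, `.` or empty (assuming `isPathInside` is a lexical check that treats equal paths as not inside — confirm). I would add `// basename() can still yield '..', '.' or '' - reject anything that is not a file directly under baseDir` above the `if`. A name containing separators is silently rewritten rather than rejected, so consider logging when `basename(name) !== name` to keep malformed attachment names visible to whoever triages them. `basename` also does nothing about platform-specific names (reserved device names, a `:` in the name on NTFS), and whether `name` is sanitised for those before it reaches this function is not visible here. The body of `saveAttachmentToDisk` and the imports for `basename` and `isPathInside` lie outside the hunk.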