diff --git a/hotdata/api_client.py b/hotdata/api_client.py
index 7af72f2..58e44c6 100644
--- a/hotdata/api_client.py
+++ b/hotdata/api_client.py
@@ -554,6 +554,8 @@ def files_parameters(
 params = []
 for k, v in files.items():
 if isinstance(v, str):
+ if '..' in v:
+ raise Exception('Invalid file path')
 with open(v, 'rb') as f:
 filename = os.path.basename(f.name)
 filedata = f.read()
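Review bot: The `'..' in v` substring test at the top of the `isinstance(v, str)` branch does not confine which local files get opened and uploaded: an absolute path or a symlink passes it unchanged, while a legitimate name that merely contains two dots (constructed example: `report..final.csv`) is rejected. If the intent is to keep caller-controlled paths away from arbitrary local files, resolve the path and check containment against an allowed directory, e.g. `real = os.path.realpath(v)` followed by `if os.path.commonpath([base_dir, real]) != base_dir: raise ValueError('Invalid file path')`, where `base_dir` is an already-resolved upload root the client would have to be given; no such setting is visible in this hunk. Raising `ValueError` (or the client's own exception type, if it has one) instead of bare `Exception` also lets callers catch the rejection specifically. The body of `files_parameters` starts and continues outside the hunk.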