diff --git a/api/services/file_service.py b/api/services/file_service.py
index d417e81734..284e96c97a 100644
--- a/api/services/file_service.py
+++ b/api/services/file_service.py
@@ -1,5 +1,6 @@
 import datetime
 import hashlib
+import os
 import uuid
 from typing import Any, Literal, Union
@@ -38,7 +39,12 @@ class FileService:
 source_url: str = "",
 ) -> UploadFile:
 # get file extension
- extension = filename.split(".")[-1].lower()
+ extension = os.path.splitext(filename)[1].lstrip(".").lower()
+
+ # check if filename contains invalid characters
+ if any(c in filename for c in ["/", "\\", ":", "*", "?", '"', "<", ">", "|"]):
+ raise ValueError("Filename contains invalid characters")
+
 if len(filename) > 200:
 filename = filename.split(".")[0][:200] + "." + extension
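Review bot: The blocklist in the added `any(...)` check rejects path separators and Windows-reserved punctuation but lets NUL and other control characters such as CR and LF through. Those are the usual source of trouble once an uploaded name is reused in a storage path or a response header; whether this name is reused that way is not visible in the hunk. The guard could cover them in the same pass, e.g. `if any(c in '/\\:*?"<>|' or ord(c) < 32 for c in filename):`. Separately, `os.path.splitext` yields an empty extension for names with no dot and for leading-dot names like `.env`, so the truncation on the context line below would produce a name ending in a bare `.`; a comment such as `# extension may be empty (no dot, or a leading-dot name)` plus a conditional suffix would make that case explicit. The enclosing method starts and ends outside the hunk.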