diff --git a/grobid-service/src/main/java/org/grobid/service/process/GrobidRestProcessTraining.java b/grobid-service/src/main/java/org/grobid/service/process/GrobidRestProcessTraining.java
index 10664d2f09..b425af0c27 100644
--- a/grobid-service/src/main/java/org/grobid/service/process/GrobidRestProcessTraining.java
+++ b/grobid-service/src/main/java/org/grobid/service/process/GrobidRestProcessTraining.java
@@ -359,6 +359,11 @@ public void run() {
 public Response resultTraining(String token) {
 Response response = null;
 try {
+ // Validate the token to prevent directory traversal
+ if (token.contains("..") || token.contains("/") || token.contains("\\")) {
+ throw new GrobidServiceException("Invalid token", Status.BAD_REQUEST);
+ }
+
 // access report file under token subdirectory
 File home = GrobidProperties.getInstance().getGrobidHomePath();
 String tokenPath = home.getAbsolutePath() + "/training-history/" + token;
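Review bot: The new guard at the top of the try block is a substring denylist that still lets a null or empty token through: `token.contains(..)` on a null token throws NullPointerException before the check fires, and an empty token makes `tokenPath` resolve to the `training-history` directory itself rather than a per-request subdirectory. Since `tokenPath` is still assembled by string concatenation right after the check, the more robust form is a positive check on the token followed by a canonical-path containment test against the `training-history` directory, so that any encoding or platform quirk the denylist misses is caught by the resolved path. `getCanonicalPath()` throws IOException; the surrounding try presumably already handles it, but that catch is outside the hunk and should be confirmed. The rest of resultTraining (the report file access and the catch clauses) lies outside this hunk, so the rewrite below only covers the validation and path construction.
```java
            // Validate the token to prevent directory traversal: reject null/empty and
            // separator characters, then confirm the resolved path stays under training-history
            if (token == null || token.isEmpty() || token.contains("..") || token.contains("/") || token.contains("\\")) {
                throw new GrobidServiceException("Invalid token", Status.BAD_REQUEST);
            }

            // access report file under token subdirectory
            File home = GrobidProperties.getInstance().getGrobidHomePath();
            File historyDir = new File(home, "training-history");
            File tokenDir = new File(historyDir, token);
            if (!tokenDir.getCanonicalPath().startsWith(historyDir.getCanonicalPath() + File.separator)) {
                throw new GrobidServiceException("Invalid token", Status.BAD_REQUEST);
            }
            String tokenPath = tokenDir.getAbsolutePath();
            // … unchanged: report file lookup and response building …
```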