diff --git a/src/Services/AttachmentHelper.php b/src/Services/AttachmentHelper.php
index 95221ff9..7e74fe6f 100644
--- a/src/Services/AttachmentHelper.php
+++ b/src/Services/AttachmentHelper.php
@@ -120,8 +120,8 @@ class AttachmentHelper
         //Older path entries are given via %BASE% which was the project root
         $placeholder_path = str_replace($placeholders, $targets, $placeholder_path);
 
-        //Normalize path
-        $placeholder_path = str_replace('\\', '/', $placeholder_path);
+        //Normalize path and remove ..
+        $placeholder_path = str_replace(['\\','..'], ['/',''], $placeholder_path);
 
         return $placeholder_path;
     }