diff --git a/robosystems/graph_api/core/duckdb/pool.py b/robosystems/graph_api/core/duckdb/pool.py
index c72ac66f..0d6a670f 100644
--- a/robosystems/graph_api/core/duckdb/pool.py
+++ b/robosystems/graph_api/core/duckdb/pool.py
@@ -202,6 +202,10 @@ def _create_new_connection(self, graph_id: str) -> DuckDBConnectionInfo:
     try:
       db_path = self._get_database_path(graph_id)
+      # Defense-in-depth: verify resolved path stays under base_path
+      if not db_path.resolve().is_relative_to(self.base_path.resolve()):
+        raise ValueError(f"Path escapes base directory: {db_path}")
+
       # Ensure database directory exists
       db_path.parent.mkdir(parents=True, exist_ok=True)