diff --git a/src/modules/module-protocol-pulse/modules/module-echo-cancel.c b/src/modules/module-protocol-pulse/modules/module-echo-cancel.c
index ee1eb1671..8db12b8c4 100644
--- a/src/modules/module-protocol-pulse/modules/module-echo-cancel.c
+++ b/src/modules/module-protocol-pulse/modules/module-echo-cancel.c
@@ -275,6 +275,10 @@ static int module_echo_cancel_prepare(struct module * const module)
 
 	if ((str = pw_properties_get(props, "aec_method")) == NULL)
 		str = "webrtc";
+	if (strstr(str, "..") != NULL || strchr(str, '/') != NULL) {
+		res = -EINVAL;
+		goto out;
+	}
 	pw_properties_setf(global_props, "library.name", "aec/libspa-aec-%s", str);
 
 	if ((str = pw_properties_get(props, "source_name")) != NULL) {