diff --git a/pkg/bundle/bundle.go b/pkg/bundle/bundle.go
index 44a932222..38cf216ed 100644
--- a/pkg/bundle/bundle.go
+++ b/pkg/bundle/bundle.go
@@ -240,6 +240,10 @@ func Unpack(in io.Reader, targetPath string) error {
 }
 var target = filepath.Join(targetPath, header.Name)
+ if strings.Contains(target, "..") {
+ return fmt.Errorf("targetPath validation failed, path contains unexpected special elements")
+ }
+
 switch header.Typeflag {
 case tar.TypeDir:
 if err := os.MkdirAll(target, os.FileMode(header.Mode)); err != nil {
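Review bot: The added `strings.Contains(target, "..")` check runs on the output of `filepath.Join`, which already cleans the path and resolves `..` elements. With an absolute `targetPath`, an entry name that climbs out of the directory therefore yields a `target` with no `..` left in it, and it passes the check. The same test also rejects legitimate names that merely contain two dots, such as `a..b`. Validate the entry name before joining instead, e.g. `if !filepath.IsLocal(header.Name) { return fmt.Errorf("tar entry %q escapes target directory", header.Name) }` (Go 1.20+), or check that `filepath.Rel(targetPath, target)` does not start with `..`. The rest of `Unpack` is outside this hunk, so it is worth confirming that symlink and hard-link entries, if handled there, get the same containment check on their link targets.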