diff --git a/apps/dokploy/server/wss/listen-deployment.ts b/apps/dokploy/server/wss/listen-deployment.ts
index cd9eefed6..0548004be 100644
--- a/apps/dokploy/server/wss/listen-deployment.ts
+++ b/apps/dokploy/server/wss/listen-deployment.ts
@@ -1,6 +1,7 @@
 import { spawn } from "node:child_process";
 import type http from "node:http";
 import { findServerById, IS_CLOUD, validateRequest } from "@dokploy/server";
+import { encodeBase64 } from "@dokploy/server/utils/docker/utils";
 import { readValidDirectory } from "@dokploy/server/wss/utils";
 import { Client } from "ssh2";
 import { WebSocketServer } from "ws";
@@ -70,9 +71,9 @@ export const setupDeploymentLogsWebSocketServer = (
 				sshClient = new Client();
 				sshClient
 					.on("ready", () => {
-						const command = `
-						tail -n +1 -f ${logPath};
-					`;
+						const encodedPath = encodeBase64(logPath);
+					const command = `tail -n +1 -f "$(echo '${encodedPath}' | base64 -d)"`;
+
 						sshClient!.exec(command, (err, stream) => {
 							if (err) {
 								sshClient!.end();
diff --git a/packages/server/src/wss/utils.ts b/packages/server/src/wss/utils.ts
index d54197ad7..0ea7485f9 100644
--- a/packages/server/src/wss/utils.ts
+++ b/packages/server/src/wss/utils.ts
@@ -40,6 +40,10 @@ export const readValidDirectory = (
 	directory: string,
 	serverId?: string | null,
 ) => {
+	if (!/^[\w/. -]{1,500}$/.test(directory)) {
+		return false;
+	}
+
 	const { BASE_PATH } = paths(!!serverId);
 
 	const resolvedBase = path.resolve(BASE_PATH);