diff --git a/internal/handlers/app.go b/internal/handlers/app.go
index 54b72bc..28382de 100644
--- a/internal/handlers/app.go
+++ b/internal/handlers/app.go
@@ -1022,6 +1022,14 @@ func (h *Handlers) HandleVolumeAdd() http.HandlerFunc {
 			return
 		}
 
+		pathErr := validateVolumePaths(hostPath, containerPath)
+		if pathErr != nil {
+			h.log.Error("invalid volume path", "error", pathErr)
+			http.Redirect(writer, request, "/apps/"+application.ID, http.StatusSeeOther)
+
+			return
+		}
+
 		volume := models.NewVolume(h.db)
 		volume.AppID = application.ID
 		volume.HostPath = hostPath