diff --git a/services/src/main/java/org/keycloak/theme/FolderTheme.java b/services/src/main/java/org/keycloak/theme/FolderTheme.java
index f15bddbf33..28a1c11201 100644
--- a/services/src/main/java/org/keycloak/theme/FolderTheme.java
+++ b/services/src/main/java/org/keycloak/theme/FolderTheme.java
@@ -93,7 +93,7 @@ public class FolderTheme implements Theme {
 }
 File file = new File(resourcesDir, path);
- if (!file.isFile() || !file.getCanonicalPath().startsWith(resourcesDir.getCanonicalPath())) {
+ if (!file.isFile() || !file.getCanonicalPath().startsWith(resourcesDir.getCanonicalPath() + File.separator)) {
 return null;
 } else {
 return file.toURI().toURL().openStream();
diff --git a/services/src/main/java/org/keycloak/theme/FolderThemeProvider.java b/services/src/main/java/org/keycloak/theme/FolderThemeProvider.java
index 5c75f56f2b..1ea3123af8 100755
--- a/services/src/main/java/org/keycloak/theme/FolderThemeProvider.java
+++ b/services/src/main/java/org/keycloak/theme/FolderThemeProvider.java
@@ -84,7 +84,15 @@ public class FolderThemeProvider implements ThemeProvider {
 }
 private File getThemeDir(String name, Theme.Type type) {
- return new File(themesDir, name + File.separator + type.name().toLowerCase());
+ File f = new File(themesDir, name + File.separator + type.name().toLowerCase());
+ try {
+ if (!f.getCanonicalPath().startsWith(themesDir.getCanonicalPath() + File.separator)) {
+ return null;
+ }
+ } catch (IOException e) {
+ return null;
+ }
+ return f;
 }
 }
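Review bot: The appended File.separator is what makes the prefix test reject a sibling directory whose name merely begins with resourcesDir's name, but nothing on the new line says so, and a later cleanup could drop it as redundant; a comment such as `// trailing separator: a sibling directory whose name starts with resourcesDir's must not pass the prefix test` would pin the intent. The same guard is now duplicated in FolderThemeProvider.getThemeDir in the second hunk, so a small shared helper (canonical prefix plus separator) would keep the two checks from drifting apart. A component-aware alternative that needs no concatenation is `Path base = resourcesDir.toPath().toRealPath(); if (!file.toPath().toRealPath().startsWith(base)) return null;`, which like getCanonicalPath follows symlinks and so still rejects a link inside resourcesDir that points outside it. The enclosing method's signature and its earlier checks on path lie outside the hunk, so whether getCanonicalPath's IOException is declared or handled there cannot be confirmed from this hunk.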
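Review bot: getThemeDir now returns null on two new paths, yet this diff touches no call site in FolderThemeProvider; if a caller dereferences the result (for example calling isDirectory() on it) without a null check, a rejected theme name becomes a NullPointerException instead of a clean "no such theme", so the callers need to be confirmed or the method should keep its non-null contract. The new `catch (IOException e) { return null; }` also folds a filesystem error into the same answer as a rejected name, which makes the two indistinguishable when an incident is reviewed; a debug-level log line carrying e as the cause before the return would preserve the difference without changing behaviour. The catch clause needs java.io.IOException in scope, and the import block is outside the hunk, so that should be verified. A one-line Javadoc on the method, `/** Resolves the on-disk directory for a theme, or returns null when the name escapes themesDir or the path cannot be canonicalized. */`, would make the new null contract explicit to callers.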