2 files changed, 15 insertions, 7 deletions

diff --git a/src/Jellyfin.LiveTv/Listings/ListingsManager.cs b/src/Jellyfin.LiveTv/Listings/ListingsManager.cs
index c18ebe0ab0..58683deb30 100644
--- a/src/Jellyfin.LiveTv/Listings/ListingsManager.cs
+++ b/src/Jellyfin.LiveTv/Listings/ListingsManager.cs
@@ -337,11 +337,18 @@ public class ListingsManager : IListingsManager
         // Clear in-memory EPG channel cache for this provider
         _epgChannels.TryRemove(providerId, out _);
 
+        // Provider IDs are generated as Guid.NewGuid().ToString("N")
+        // reject anything else so we never use untrusted input in a path or log entry.
+        if (!Guid.TryParseExact(providerId, "N", out var providerGuid))
+        {
+            return;
+        }
+
         // Delete the cached XMLTV file so a fresh copy is downloaded
         var cachePath = _config.CommonApplicationPaths?.CachePath;
         if (!string.IsNullOrEmpty(cachePath))
         {
-            var safeId = Path.GetFileName(providerId);
+            var safeId = providerGuid.ToString("N", CultureInfo.InvariantCulture);
             var xmltvCacheFile = Path.Combine(cachePath, "xmltv", safeId + ".xml");
             try
             {
@@ -349,7 +356,7 @@ public class ListingsManager : IListingsManager
             }
             catch (IOException ex)
             {
-                _logger.LogWarning(ex, "Error deleting XMLTV cache file for provider {ProviderId}", providerId);
+                _logger.LogWarning(ex, "Error deleting XMLTV cache file for provider {ProviderId}", safeId);
             }
         }
     }
diff --git a/src/Jellyfin.LiveTv/TunerHosts/TunerHostManager.cs b/src/Jellyfin.LiveTv/TunerHosts/TunerHostManager.cs
index 7b2ebfe85e..cfd763b6fd 100644
--- a/src/Jellyfin.LiveTv/TunerHosts/TunerHostManager.cs
+++ b/src/Jellyfin.LiveTv/TunerHosts/TunerHostManager.cs
@@ -107,11 +107,12 @@ public class TunerHostManager : ITunerHostManager
         config.TunerHosts = config.TunerHosts.Where(i => !string.Equals(id, i.Id, StringComparison.OrdinalIgnoreCase)).ToArray();
         _config.SaveConfiguration("livetv", config);
 
-        // Clean up the disk cache file for this tuner
-        if (!string.IsNullOrEmpty(id))
+        // Clean up the disk cache file for this tuner.
+        // Tuner IDs are generated as Guid.NewGuid().ToString("N")
+        // reject anything else so we never use untrusted input in a path or log entry
+        if (Guid.TryParseExact(id, "N", out var tunerGuid))
         {
-            // Sanitize to prevent path traversal — tuner IDs are GUIDs but come from config.
-            var safeId = Path.GetFileName(id);
+            var safeId = tunerGuid.ToString("N", CultureInfo.InvariantCulture);
             var channelCacheFile = Path.Combine(_config.CommonApplicationPaths.CachePath, safeId + "_channels");
             try
             {
@@ -119,7 +120,7 @@ public class TunerHostManager : ITunerHostManager
             }
             catch (IOException ex)
             {
-                _logger.LogWarning(ex, "Error deleting channel cache file for tuner {TunerId}", id);
+                _logger.LogWarning(ex, "Error deleting channel cache file for tuner {TunerId}", safeId);
             }
         }