diff --git a/core/src/main/java/com/google/adk/agents/ConfigAgentUtils.java b/core/src/main/java/com/google/adk/agents/ConfigAgentUtils.java
index 893353f27..d4c8a142f 100644
--- a/core/src/main/java/com/google/adk/agents/ConfigAgentUtils.java
+++ b/core/src/main/java/com/google/adk/agents/ConfigAgentUtils.java
@@ -247,12 +247,18 @@ private static BaseAgent resolveSubAgentFromConfigPath(
 BaseAgentConfig.AgentRefConfig subAgentConfig, Path configDir) throws ConfigurationException {
 String configPath = subAgentConfig.configPath().trim();
- Path subAgentConfigPath;
 if (Path.of(configPath).isAbsolute()) {
- subAgentConfigPath = Path.of(configPath);
- } else {
- subAgentConfigPath = configDir.resolve(configPath);
+ throw new ConfigurationException(
+ "Absolute paths are not allowed in AgentTool config_path: " + configPath);
+ }
+
+ Path subAgentConfigPath = configDir.resolve(configPath).normalize().toAbsolutePath();
+ Path canonicalConfigDir = configDir.normalize().toAbsolutePath();
+
+ if (!subAgentConfigPath.startsWith(canonicalConfigDir)) {
+ throw new ConfigurationException(
+ "Path traversal detected: config_path resolves outside agent directory: " + configPath);
 }
 if (!Files.exists(subAgentConfigPath)) {