diff --git a/apps/space/core/components/account/auth-forms/auth-root.tsx b/apps/space/core/components/account/auth-forms/auth-root.tsx
index 5a54b19061..00f31234ba 100644
--- a/apps/space/core/components/account/auth-forms/auth-root.tsx
+++ b/apps/space/core/components/account/auth-forms/auth-root.tsx
@@ -40,8 +40,7 @@ export const AuthRoot: FC = observer(() => {
   const searchParams = useSearchParams();
   const emailParam = searchParams.get("email") || undefined;
   const error_code = searchParams.get("error_code") || undefined;
-  const nextPath = searchParams.get("next_path") || undefined;
-  const next_path = searchParams.get("next_path");
+  const next_path = searchParams.get("next_path") || undefined;
   // states
   const [authMode, setAuthMode] = useState<EAuthModes>(EAuthModes.SIGN_UP);
   const [authStep, setAuthStep] = useState<EAuthSteps>(EAuthSteps.EMAIL);
@@ -220,7 +219,7 @@ export const AuthRoot: FC = observer(() => {
           <AuthUniqueCodeForm
             mode={authMode}
             email={email}
-            nextPath={nextPath}
+            nextPath={next_path}
             handleEmailClear={() => {
               setEmail("");
               setAuthStep(EAuthSteps.EMAIL);
@@ -234,7 +233,7 @@ export const AuthRoot: FC = observer(() => {
             isPasswordAutoset={isPasswordAutoset}
             isSMTPConfigured={isSMTPConfigured}
             email={email}
-            nextPath={nextPath}
+            nextPath={next_path}
             handleEmailClear={() => {
               setEmail("");
               setAuthStep(EAuthSteps.EMAIL);
diff --git a/apps/web/core/lib/wrappers/authentication-wrapper.tsx b/apps/web/core/lib/wrappers/authentication-wrapper.tsx
index c8802b311a..81db296afe 100644
--- a/apps/web/core/lib/wrappers/authentication-wrapper.tsx
+++ b/apps/web/core/lib/wrappers/authentication-wrapper.tsx
@@ -4,6 +4,7 @@ import type { FC, ReactNode } from "react";
 import { observer } from "mobx-react";
 import { useSearchParams, usePathname } from "next/navigation";
 import useSWR from "swr";
+import { isValidNextPath } from "@plane/utils";
 // components
 import { LogoSpinner } from "@/components/common/logo-spinner";
 // helpers
@@ -55,7 +56,7 @@ export const AuthenticationWrapper: FC<TAuthenticationWrapper> = observer((props
     let redirectionRoute = "/create-workspace";
 
     // validating the nextPath from the router query
-    if (nextPath && isValidURL(nextPath.toString())) {
+    if (nextPath && isValidURL(nextPath.toString()) && isValidNextPath(sanitize(nextPath.toString()))) {
       redirectionRoute = nextPath.toString();
       return redirectionRoute;
     }
diff --git a/package.json b/package.json
index 7a487e286a..72bed40c70 100644
--- a/package.json
+++ b/package.json
@@ -46,7 +46,7 @@
       "unrs-resolver"
     ]
   },
-  "packageManager": "pnpm@10.12.1",
+  "packageManager": "pnpm@10.20.0",
   "engines": {
     "node": ">=22.18.0"
   }