diff --git a/app/utils.py b/app/utils.py
index 83ee0403..ba5c8657 100644
--- a/app/utils.py
+++ b/app/utils.py
@@ -87,7 +87,7 @@ class NextUrlSanitizer:
 return replaced
 else:
 return None
- if result.path and result.path[0] == "/":
+ if result.path and result.path[0] == "/" and not result.path.startswith("//"):
 return result.path
 return None
diff --git a/tests/test_utils.py b/tests/test_utils.py
index 013ea681..28b3d4b3 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -27,6 +27,7 @@ def generate_sanitize_url_cases() -> List:
 ["/auth", "/auth"],
 ["/some/path", "/some/path"],
 ["//somewhere.net", None],
+ ["//\\\\evil.com", None],
 ]
 for domain in ALLOWED_REDIRECT_DOMAINS:
 cases.append([f"http://{domain}", f"http://{domain}"])
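Review bot: The added `not result.path.startswith("//")` guard only rejects a forward slash in the second position, while browsers following the WHATWG URL parser treat a backslash like a slash in http(s) URLs, so a path whose second character is `\` still satisfies `result.path[0] == "/"` and is returned as a local path; checking both in one place, `if result.path and result.path[0] == "/" and result.path[1:2] not in ("/", "\\"):`, closes that gap. The earlier `return replaced` / `return None` branches and the start of the method lie outside this hunk, so whether the netloc handling already catches such inputs cannot be confirmed here. A short comment above the condition, e.g. `# reject protocol-relative paths (// or /\), which browsers resolve against another host`, would record why the prefix check exists.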
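Review bot: The new case `"//\\\\evil.com"` begins with `//`, so if the sanitizer parses with `urllib.parse` the `\\evil.com` part lands in `netloc` rather than `path`, and this input likely never reaches the changed `result.path.startswith("//")` condition in app/utils.py; a case whose parsed path itself starts with `//`, e.g. `["////evil.com", None]`, would exercise that branch directly. Note the literal contains two backslash characters after the slashes; if a single one was intended, `"//\\evil.com"` is the spelling. generate_sanitize_url_cases continues past the end of the hunk.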