diff --git a/NEWS b/NEWS
index 44183827a..1eec3f592 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,7 @@ ver 0.23.11 (not yet released)
 * macOS: fix build failure "no archive members specified"
 * Windows
   - fix crash bug (stack buffer overflow) after I/O errors
+  - fix path traversal bug because backslash was allowed in playlist names
 * Android/Windows
   - update OpenSSL to 3.0.7
 
diff --git a/src/PlaylistFile.cxx b/src/PlaylistFile.cxx
index 7035136df..24cde1a04 100644
--- a/src/PlaylistFile.cxx
+++ b/src/PlaylistFile.cxx
@@ -81,6 +81,9 @@ spl_valid_name(const char *name_utf8)
 	 */
 
 	return std::strchr(name_utf8, '/') == nullptr &&
+#ifdef _WIN32
+		std::strchr(name_utf8, '\\') == nullptr &&
+#endif
 		std::strchr(name_utf8, '\n') == nullptr &&
 		std::strchr(name_utf8, '\r') == nullptr;
 }