diff --git a/lib/private/Files/Storage/Common.php b/lib/private/Files/Storage/Common.php
index b6c82f3a1dfb9..0185069554f28 100644
--- a/lib/private/Files/Storage/Common.php
+++ b/lib/private/Files/Storage/Common.php
@@ -531,6 +531,11 @@ public function verifyPath($path, $fileName) {
 			}
 		}
 
+		// Do not allow RTLO char
+		if (mb_strpos($fileName,  mb_chr(8238, 'utf8')) !== false) {
+			throw new InvalidCharacterInPathException('RTLO not allowed');
+		}
+
 		if (isset($fileName[255])) {
 			throw new FileNameTooLongException();
 		}
diff --git a/tests/lib/Files/PathVerificationTest.php b/tests/lib/Files/PathVerificationTest.php
index 7e0b7dd265071..81054823817e6 100644
--- a/tests/lib/Files/PathVerificationTest.php
+++ b/tests/lib/Files/PathVerificationTest.php
@@ -105,6 +105,23 @@ public function providesAstralPlane() {
 		];
 	}
 
+
+	/**
+	 * @dataProvider providesInvalidUnicode
+	 */
+	public function testPathVerificationInvalidUnicode(string $fileName) {
+		$this->expectException(InvalidPathException::class);
+		$this->expectExceptionMessage('File name contains at least one invalid character');
+
+		$this->view->verifyPath('', $fileName);
+	}
+
+	public function providesInvalidUnicode() {
+		return [
+			['foo' . mb_chr(8238, 'utf8') . 'txt.html'], //RTLO
+		];
+	}
+
 	/**
 	 * @dataProvider providesInvalidCharsPosix
 	 * @expectedException \OCP\Files\InvalidCharacterInPathException