diff --git a/backend/src/api/acceleration/acceleration.routes.ts b/backend/src/api/acceleration/acceleration.routes.ts
index b07032b5a1..1c959ad4c6 100644
--- a/backend/src/api/acceleration/acceleration.routes.ts
+++ b/backend/src/api/acceleration/acceleration.routes.ts
@@ -66,7 +66,20 @@ class AccelerationRoutes {
   }
 
   private async $getAcceleratorAccelerationsStats(req: Request, res: Response): Promise {
-    const url = `${config.MEMPOOL_SERVICES.API}/${req.originalUrl.replace('/api/v1/services/', '')}`;
+    const allowedPaths = {
+      'accelerations': 'accelerations',
+      'accelerations/history': 'accelerations/history',
+      'accelerations/stats': 'accelerations/stats',
+      'estimate': 'estimate',
+    };
+    const userPath = req.originalUrl.replace('/api/v1/services/', '');
+    const safePath = allowedPaths[userPath];
+    if (!safePath) {
+      logger.err(`Invalid path requested: ${userPath}`, this.tag);
+      res.status(400).send({ error: 'Invalid path' });
+      return;
+    }
+    const url = `${config.MEMPOOL_SERVICES.API}/${safePath}`;
     try {
       const response = await axios.get(url, { responseType: 'stream', timeout: 10000 });
       for (const key in response.headers) {
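Review bot: The allow-list lookup `allowedPaths[userPath]` on a plain object literal is not limited to its own keys, so a request for `/api/v1/services/constructor` (likewise `toString`, `__proto__`, `hasOwnProperty`) resolves through `Object.prototype` to a truthy function, passes the `if (!safePath)` guard and is interpolated into `url`; restrict the check to own keys, e.g. `const safePath = Object.prototype.hasOwnProperty.call(allowedPaths, userPath) ? allowedPaths[userPath as keyof typeof allowedPaths] : undefined;` (or keep the names in a `Set` and test `.has(userPath)`). The keyed access also fixes the implicit-any string index that `noImplicitAny` would reject on that line. Note that `req.originalUrl` carries the query string, so `accelerations/history?…` no longer matches any key and is rejected with 400 — if the upstream previously relied on forwarded query parameters, that is a behaviour change to confirm, and the parameters would need their own allow-list rather than being re-appended verbatim. The logged `userPath` is attacker-controlled, so consider `JSON.stringify(userPath)` in the `logger.err` call so embedded newlines cannot forge log lines. The body of `$getAcceleratorAccelerationsStats` continues past the hunk.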