diff --git a/CHANGES b/CHANGES
index fa1b9878e5..b21af38303 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+5725.	[bug]		Validate HTTP path passed to dig. [GL #2923]
+
 5724.	[bug]		Address potential dead lock when checking zone
 			content consistency. [GL #2908]
 
diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index 7b1e649d1c..0b1a0bfcb9 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -1482,6 +1482,14 @@ plus_option(char *option, bool is_batchfile, bool *need_clone,
 				lookup->https_path = isc_mem_strdup(
 					mctx, ISC_NM_HTTP_DEFAULT_PATH);
 			} else {
+				if (!isc_nm_http_path_isvalid(value)) {
+					fprintf(stderr,
+						";; The given HTTP path \"%s\" "
+						"is not "
+						"a valid absolute path\n",
+						value);
+					goto invalid_option;
+				}
 				lookup->https_path = isc_mem_strdup(mctx,
 								    value);
 			}