diff --git a/services/tunnelbroker/docker-server/contents/server/src/Constants.h b/services/tunnelbroker/docker-server/contents/server/src/Constants.h
--- a/services/tunnelbroker/docker-server/contents/server/src/Constants.h
+++ b/services/tunnelbroker/docker-server/contents/server/src/Constants.h
@@ -19,6 +19,8 @@
 const size_t SESSION_ID_LENGTH = 64;
 const size_t SESSION_RECORD_TTL = 30 * 24 * 3600; // 30 days
 const size_t SESSION_SIGN_RECORD_TTL = 24 * 3600; // 24 hours
+const std::regex SESSION_ID_FORMAT_REGEX(
+    "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}");
 
 // gRPC Server
 const std::string SERVER_LISTEN_ADDRESS = "0.0.0.0:50051";
diff --git a/services/tunnelbroker/docker-server/contents/server/src/Service/TunnelbrokerServiceImpl.cpp b/services/tunnelbroker/docker-server/contents/server/src/Service/TunnelbrokerServiceImpl.cpp
--- a/services/tunnelbroker/docker-server/contents/server/src/Service/TunnelbrokerServiceImpl.cpp
+++ b/services/tunnelbroker/docker-server/contents/server/src/Service/TunnelbrokerServiceImpl.cpp
@@ -133,6 +133,13 @@
     google::protobuf::Empty *reply) {
   try {
     const std::string sessionID = request->sessionid();
+    if (!validateSessionID(sessionID)) {
+      std::cout << "gRPC: "
+                << "Format validation failed for " << sessionID << std::endl;
+      return grpc::Status(
+          grpc::StatusCode::INVALID_ARGUMENT,
+          "Format validation failed for sessionID");
+    }
     std::shared_ptr<database::DeviceSessionItem> sessionItem =
         database::DatabaseManager::getInstance().findSessionItem(sessionID);
     if (sessionItem == nullptr) {
@@ -168,6 +175,13 @@
     grpc::ServerWriter<tunnelbroker::GetResponse> *writer) {
   try {
     const std::string sessionID = request->sessionid();
+    if (!validateSessionID(sessionID)) {
+      std::cout << "gRPC: "
+                << "Format validation failed for " << sessionID << std::endl;
+      return grpc::Status(
+          grpc::StatusCode::INVALID_ARGUMENT,
+          "Format validation failed for sessionID");
+    }
     std::shared_ptr<database::DeviceSessionItem> sessionItem =
         database::DatabaseManager::getInstance().findSessionItem(sessionID);
     if (sessionItem == nullptr) {
diff --git a/services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.h b/services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.h
--- a/services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.h
+++ b/services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.h
@@ -10,6 +10,7 @@
 long long getCurrentTimestamp();
 bool validateDeviceID(std::string deviceID);
 std::string generateUUID();
+bool validateSessionID(std::string sessionID);
 
 } // namespace network
 } // namespace comm
diff --git a/services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.cpp b/services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.cpp
--- a/services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.cpp
+++ b/services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.cpp
@@ -56,5 +56,16 @@
   return boost::uuids::to_string(random_generator());
 }
 
+bool validateSessionID(std::string sessionID) {
+  try {
+    return std::regex_match(sessionID, SESSION_ID_FORMAT_REGEX);
+  } catch (const std::exception &e) {
+    std::cout << "Tools: "
+              << "Got an exception at `validateSessionId`: " << e.what()
+              << std::endl;
+    return false;
+  }
+}
+
 } // namespace network
 } // namespace comm