diff --git a/services/tunnelbroker/docker-server/contents/server/src/Constants.h b/services/tunnelbroker/docker-server/contents/server/src/Constants.h
--- a/services/tunnelbroker/docker-server/contents/server/src/Constants.h
+++ b/services/tunnelbroker/docker-server/contents/server/src/Constants.h
@@ -18,6 +18,8 @@
 const size_t SESSION_ID_LENGTH = 64;
 const size_t SESSION_RECORD_TTL = 30 * 24 * 3600; // 30 days
 const size_t SESSION_SIGN_RECORD_TTL = 24 * 3600; // 24 hours
+const std::regex SESSION_ID_FORMAT_REGEX(
+    "\b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b");
 
 // gRPC Server
 const std::string SERVER_LISTEN_ADDRESS = "0.0.0.0:50051";
diff --git a/services/tunnelbroker/docker-server/contents/server/src/Service/TunnelbrokerServiceImpl.cpp b/services/tunnelbroker/docker-server/contents/server/src/Service/TunnelbrokerServiceImpl.cpp
--- a/services/tunnelbroker/docker-server/contents/server/src/Service/TunnelbrokerServiceImpl.cpp
+++ b/services/tunnelbroker/docker-server/contents/server/src/Service/TunnelbrokerServiceImpl.cpp
@@ -145,6 +145,13 @@
     google::protobuf::Empty *reply) {
   try {
     const std::string sessionId = request->sessionid();
+    if (!validateSessionId(sessionId)) {
+      std::cout << "gRPC: "
+                << "Format validation failed for " << sessionId << std::endl;
+      return grpc::Status(
+          grpc::StatusCode::INVALID_ARGUMENT,
+          "Format validation failed for sessionID");
+    }
     std::shared_ptr<database::DeviceSessionItem> sessionItem =
         database::DatabaseManager::getInstance().findSessionItem(sessionId);
     if (sessionItem == nullptr) {
@@ -180,6 +187,13 @@
     grpc::ServerWriter<tunnelbroker::GetResponse> *writer) {
   try {
     const std::string sessionId = request->sessionid();
+    if (!validateSessionId(sessionId)) {
+      std::cout << "gRPC: "
+                << "Format validation failed for " << sessionId << std::endl;
+      return grpc::Status(
+          grpc::StatusCode::INVALID_ARGUMENT,
+          "Format validation failed for sessionID");
+    }
     std::shared_ptr<database::DeviceSessionItem> sessionItem =
         database::DatabaseManager::getInstance().findSessionItem(sessionId);
     if (sessionItem == nullptr) {
diff --git a/services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.h b/services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.h
--- a/services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.h
+++ b/services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.h
@@ -10,6 +10,7 @@
 long long getCurrentTimestamp();
 bool validateDeviceId(std::string deviceId);
 std::string generateUUID();
+bool validateSessionId(std::string sessionId);
 
 } // namespace network
 } // namespace comm
diff --git a/services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.cpp b/services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.cpp
--- a/services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.cpp
+++ b/services/tunnelbroker/docker-server/contents/server/src/Tools/Tools.cpp
@@ -60,5 +60,16 @@
   return boost::uuids::to_string(random_generator());
 }
 
+bool validateSessionId(std::string sessionId) {
+  try {
+    return std::regex_match(sessionId, SESSION_ID_FORMAT_REGEX);
+  } catch (const std::exception &e) {
+    std::cout << "Tools: "
+              << "Got an exception at `validateSessionId`: " << e.what()
+              << std::endl;
+    return false;
+  }
+}
+
 } // namespace network
 } // namespace comm