diff --git a/unsloth/import_fixes.py b/unsloth/import_fixes.py
index 4a2211f9a0..5a1ab70816 100644
--- a/unsloth/import_fixes.py
+++ b/unsloth/import_fixes.py
@@ -1075,7 +1075,22 @@ def fake_supports_pdl(*args, **kwargs):
 "lora_shrink_op": "vllm.lora.ops.triton_ops.lora_shrink_op",
 "fused_moe_lora_op": "vllm.lora.ops.triton_ops.fused_moe_lora_op",
 }
+
+ # Whitelist of allowed module paths to prevent arbitrary code execution
+ allowed_modules = {
+ "vllm.lora.ops.triton_ops.lora_expand_op",
+ "vllm.lora.ops.triton_ops.lora_shrink_op",
+ "vllm.lora.ops.triton_ops.fused_moe_lora_op",
+ }
+
 for name, path in consumer_modules.items():
+ # Validate module path against whitelist before importing
+ if path not in allowed_modules:
+ logger.warning(
+ f"Unsloth: Skipping import of non-whitelisted module: {path}"
+ )
+ continue
+
 try:
 module = importlib.import_module(path)
 if hasattr(module, "supports_pdl"):
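Review bot: The `allowed_modules` set added before the loop repeats the values of `consumer_modules`, which, as far as the visible lines show, is a dict literal built just above in the same function, so `path not in allowed_modules` cannot be true today and the comment's claim of preventing arbitrary code execution overstates what the check does. The practical effect is a second list to keep in sync: an entry later added to `consumer_modules` alone would be skipped with only a warning, and the `supports_pdl` handling below would silently not run for it. If the guard is kept as defence in depth, hoist it to a module-level `frozenset` and word the comment accurately, e.g. `# Defence in depth: paths are hard-coded above; this only guards against a future change that builds them dynamically`. If `consumer_modules` can in fact be modified from elsewhere, that is not visible here and the comment should name that source. The enclosing function starts and ends outside the hunk.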