From 5bcc40002006086ba2ceff06efa1b0229eef0b0d Mon Sep 17 00:00:00 2001
From: Coco Sheng <cocosheng@google.com>
Date: Tue, 12 May 2026 13:25:04 -0400
Subject: [PATCH] fix(security): securely handle root CWD using isSubpath in
 isTrustedSystemPath

---
 packages/core/src/utils/paths.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/packages/core/src/utils/paths.ts b/packages/core/src/utils/paths.ts
index 37025bd4c2..c2439e247b 100644
--- a/packages/core/src/utils/paths.ts
+++ b/packages/core/src/utils/paths.ts
@@ -520,9 +520,10 @@ export function isTrustedSystemPath(filePath: string): boolean {
   const normPath = normalizePath(filePath);
 
   // 1. Explicitly reject paths in current working directory to prevent RCE
+  // Exclude root directories to avoid inadvertently rejecting all system paths.
   const normCwd = normalizePath(process.cwd());
-  const relative = path.relative(normCwd, normPath);
-  if (!relative.startsWith('..') && !path.isAbsolute(relative)) {
+  const isRoot = normCwd === '/' || /^[a-zA-Z]:[\\/]?$/.test(normCwd);
+  if (!isRoot && isSubpath(normCwd, normPath)) {
     return false;
   }