diff --git a/packages/core/src/utils/paths.ts b/packages/core/src/utils/paths.ts
index 87d0ee053a..37025bd4c2 100644
--- a/packages/core/src/utils/paths.ts
+++ b/packages/core/src/utils/paths.ts
@@ -521,7 +521,8 @@ export function isTrustedSystemPath(filePath: string): boolean {
 // 1. Explicitly reject paths in current working directory to prevent RCE
 const normCwd = normalizePath(process.cwd());
- if (normPath === normCwd || normPath.startsWith(normCwd + '/')) {
+ const relative = path.relative(normCwd, normPath);
+ if (!relative.startsWith('..') && !path.isAbsolute(relative)) {
 return false;
 }
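Review bot: The `relative.startsWith('..')` test on the new `if` line also matches an entry inside the working directory whose own name begins with two dots (for example a child named `..cache`, for which `path.relative(normCwd, normPath)` yields `..cache`), so such a path is not rejected here even though it lies under cwd, reopening the case the step-1 comment says this check is meant to close. Test for an actual parent-traversal component instead: `if (!(relative === '..' || relative.startsWith('..' + path.sep)) && !path.isAbsolute(relative)) {`. The path-equals-cwd case (`relative === ''`) is still rejected by that form, and the `path.sep` comparison assumes `path` is the platform module whose `relative` output uses the native separator. The remainder of isTrustedSystemPath lies outside the hunk.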