From ca41e1bad65ee7b73b446d89fa59dec8fdfb74ca Mon Sep 17 00:00:00 2001
From: Coco Sheng
Date: Tue, 12 May 2026 13:13:10 -0400
Subject: [PATCH] fix(security): securely handle root CWD in isTrustedSystemPath

---
 packages/core/src/utils/paths.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/packages/core/src/utils/paths.ts b/packages/core/src/utils/paths.ts
index 87d0ee053a..37025bd4c2 100644
--- a/packages/core/src/utils/paths.ts
+++ b/packages/core/src/utils/paths.ts
@@ -521,7 +521,8 @@ export function isTrustedSystemPath(filePath: string): boolean {
 // 1. Explicitly reject paths in current working directory to prevent RCE
 const normCwd = normalizePath(process.cwd());
-if (normPath === normCwd || normPath.startsWith(normCwd + '/')) {
+const relative = path.relative(normCwd, normPath);
+if (!relative.startsWith('..') && !path.isAbsolute(relative)) {
 return false;
 }
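Review bot: The `relative.startsWith('..')` test on the new `if` line treats any entry whose name merely begins with two dots as lying outside the working directory: for a file at `<cwd>/..cache/x` (constructed example) `path.relative` yields `..cache/x`, the guard is skipped, and the path falls through to the later trust checks instead of being rejected. Comparing the first path segment instead avoids that and still rejects the empty relative path that the root-CWD fix relies on: `const first = relative.split(path.sep)[0];` followed by `if (!path.isAbsolute(relative) && first !== '..') {`. Whether `path.relative` receives platform-style or forward-slash paths depends on `normalizePath`, which is outside the hunk; if it normalises to `/` on Windows, split on `'/'` rather than `path.sep`. The commit also adds no test for `process.cwd() === '/'`, so a unit test pinning that case would keep the regression from returning. `isTrustedSystemPath` begins and ends outside the hunk.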