diff --git a/library/sinks/FileSystem.test.ts b/library/sinks/FileSystem.test.ts
index 85394993d..0eb8f248d 100644
--- a/library/sinks/FileSystem.test.ts
+++ b/library/sinks/FileSystem.test.ts
@@ -50,6 +50,7 @@ t.test("it works", async (t) => {
 
   agent.start([new FileSystem()]);
   const {
+    readFile,
     writeFile,
     writeFileSync,
     rename,
@@ -308,4 +309,28 @@ t.test("it works", async (t) => {
       rename(new URL("file:///../../test.txt"), "../test2.txt", () => {});
     }
   );
+
+  runWithContext(
+    {
+      remoteAddress: "::1",
+      method: "POST",
+      url: "http://localhost:4000",
+      query: {
+        q: "file://test/../../../../../../../../../../etc/passwd",
+      },
+      headers: {},
+      body: {},
+      cookies: {},
+      routeParams: {},
+      source: "express",
+      route: "/posts/:id",
+    },
+    () => {
+      const file = "file://test/../../../../../../../../../../etc/passwd";
+      throws(
+        () => readFile(new URL(`file:///public/${file}`)),
+        "Zen has blocked a path traversal attack: fs.readFile(...) originating from query.q"
+      );
+    }
+  );
 });
diff --git a/library/vulnerabilities/path-traversal/detectPathTraversal.ts b/library/vulnerabilities/path-traversal/detectPathTraversal.ts
index b95df2c97..5a85d9d31 100644
--- a/library/vulnerabilities/path-traversal/detectPathTraversal.ts
+++ b/library/vulnerabilities/path-traversal/detectPathTraversal.ts
@@ -87,6 +87,6 @@ function isFileUrlString(path: string): boolean {
       // oxlint-disable-next-line no-control-regex
       .replace(/^[\u0000-\u0020]+/, "")
       .toLowerCase()
-      .startsWith("file:")
+      .startsWith("file:///")
   );
 }
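Review bot: The traversal payload is spelled out twice in the new test case in FileSystem.test.ts, once as `query.q` and again as the local `file`; if either copy is edited the test would silently stop exercising the `originating from query.q` attribution that the expected message asserts. Hoist it once, `const payload = "file://test/../../../../../../../../../../etc/passwd";`, above `runWithContext` and reference it from both `q:` and the `new URL(...)` call. A one-line comment stating what the case covers would also help, e.g. `// host-bearing file URL must not be treated as a file URL, so its "../" segments are still checked`. The enclosing `t.test("it works", ...)` starts outside the hunk.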
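Review bot: Narrowing the prefix to `file:///` in isFileUrlString means file URLs with a host or a single slash, such as `file://localhost/...` or `file:/...`, which the WHATWG URL parser also resolves to a local path, no longer take the file-URL branch; whether they still get a traversal check then depends on the plain-string handling, which is outside this hunk and presumably what the new `file://test/../..` test relies on. That intent is not visible in the code, so the function deserves a comment, e.g. `// Only host-less file URLs (file:///...) are converted to a path; file://host/... stays a plain string so its "../" segments are still inspected.` If a caller normalizes input with `new URL()` before it reaches the sink, consider whether `file://localhost/` and `file:/` should be recognized as well so they are handled consistently. The body of isFileUrlString starts outside the hunk.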