diff --git a/changes/3241.fix.md b/changes/3241.fix.md
new file mode 100644
index 0000000000..ee4fd4b6f6
--- /dev/null
+++ b/changes/3241.fix.md
@@ -0,0 +1 @@
+Prevent vfolder `request-download` API from accessing host filesystem.
diff --git a/src/ai/backend/storage/api/client.py b/src/ai/backend/storage/api/client.py
index bf2ac0a671..f9b526dc23 100644
--- a/src/ai/backend/storage/api/client.py
+++ b/src/ai/backend/storage/api/client.py
@@ -156,7 +156,7 @@ class Params(TypedDict):
                 if (dst_dir := params["dst_dir"]) is not None:
                     parent_dir = vfpath / dst_dir
                 file_path = parent_dir / token_data["relpath"]
-                file_path.relative_to(vfpath)
+                file_path.resolve().relative_to(vfpath)
                 if not file_path.exists():
                     raise FileNotFoundError
             except (ValueError, FileNotFoundError):
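Review bot: The canonical path computed in `file_path.resolve().relative_to(vfpath)` is used only for the containment check and then thrown away, so `file_path.exists()` and any later open still follow the unresolved path. A symlink changed between the check and the use would be followed without being re-validated. Binding the result narrows that window and makes the checked path the one that is served: `file_path = file_path.resolve()` followed by `file_path.relative_to(vfpath.resolve())`. Resolving `vfpath` too matters because, if the vfolder root is reached through a symlink or is not absolute, every resolved `file_path` would fail `relative_to` and legitimate downloads would be rejected; the hunk does not show whether `vfpath` is already canonical. The enclosing `try` block and its handler begin and end outside this hunk, so how `file_path` is consumed afterwards should be confirmed there.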