diff --git a/lib/internal/modules/cjs/loader.js b/lib/internal/modules/cjs/loader.js
index 0727c8d2cffad3..a864ee94056bd4 100644
--- a/lib/internal/modules/cjs/loader.js
+++ b/lib/internal/modules/cjs/loader.js
@@ -423,7 +423,7 @@ function readPackageScope(checkPath) {
 checkPath = StringPrototypeSlice(checkPath, 0, separatorIndex);
 // Stop the search when the process doesn't have permissions
 // to walk upwards
- if (enabledPermission && !permission.has('fs.read', checkPath)) {
+ if (enabledPermission && !permission.has('fs.read', checkPath + sep)) {
 return false;
 }
 if (StringPrototypeEndsWith(checkPath, sep + 'node_modules'))
diff --git a/test/fixtures/permission/loader/index.js b/test/fixtures/permission/loader/index.js
new file mode 100644
index 00000000000000..d0bb5ebde606e8
--- /dev/null
+++ b/test/fixtures/permission/loader/index.js
@@ -0,0 +1,3 @@
+const fs = require('node:fs');
+
+fs.readFile('/etc/passwd', () => {});
diff --git a/test/parallel/test-cli-permission-deny-fs.js b/test/parallel/test-cli-permission-deny-fs.js
index 6af6ba40788175..927d582094cd41 100644
--- a/test/parallel/test-cli-permission-deny-fs.js
+++ b/test/parallel/test-cli-permission-deny-fs.js
@@ -1,9 +1,12 @@
 'use strict';
-require('../common');
+const common = require('../common');
+
+const fixtures = require('../common/fixtures');
 const { spawnSync } = require('child_process');
 const assert = require('assert');
 const fs = require('fs');
+const path = require('path');
 {
 const { status, stdout } = spawnSync(
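Review bot: In `readPackageScope` in lib/internal/modules/cjs/loader.js, the changed condition gives no reason for the appended `sep`, and the two-line comment above it still only says the walk stops when read permission is missing. The slice on the preceding line leaves `checkPath` without a trailing separator, and presumably as an empty string once the walk reaches a POSIX root, so the old call could hand the permission check a reference that is not a directory path at all. I would add `// checkPath has no trailing separator (and may be '' at the root); check the directory itself.` directly above the `if`. The function starts and ends outside this hunk, so how `separatorIndex` is computed is not visible here.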
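Review bot: The fixture test/fixtures/permission/loader/index.js passes an empty callback to `fs.readFile`, so an error delivered to that callback would be discarded and the process would exit 0. The test that runs it expects exit status 1 and the denied resource on stderr, which only holds if the permission denial is thrown rather than passed to the callback. A one-line comment such as `// Must be denied: the permission error is expected to throw, not reach the callback.` would make that dependency explicit.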
@@ -126,3 +129,23 @@ const fs = require('fs');
 assert.strictEqual(status, 1);
 assert.ok(!fs.existsSync('permission-deny-example.md'));
 }
+
+{
+ const { root } = path.parse(process.cwd());
+ const abs = (p) => path.join(root, p);
+ const firstPath = abs(path.sep + process.cwd().split(path.sep, 2)[1]);
+ if (firstPath.startsWith('/etc')) {
+ common.skip('/etc as firstPath');
+ }
+ const file = fixtures.path('permission', 'loader', 'index.js');
+ const { status, stderr } = spawnSync(
+ process.execPath,
+ [
+ '--experimental-permission',
+ `--allow-fs-read=${firstPath}`,
+ file,
+ ]
+ );
+ assert.match(stderr.toString(), /resource: '.*?[\\/](?:etc|passwd)'/);
+ assert.strictEqual(status, 1);
+}
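Review bot: The skip guard `firstPath.startsWith('/etc')` in the new block of test-cli-permission-deny-fs.js covers a checkout under `/etc` but not a working directory at the filesystem root, where `process.cwd().split(path.sep, 2)[1]` is an empty string and `firstPath` becomes the root itself. In that case `--allow-fs-read` grants the whole tree, the read in the fixture is allowed, and the test fails instead of skipping. Extending the condition to `if (firstPath === root || firstPath.startsWith('/etc')) {` would handle it. `stderr.toString()` is also evaluated before `status` is checked, so asserting the status first would give a clearer failure if the child does not start.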