diff --git a/elevate-cpanel b/elevate-cpanel
index f6d88a19..3e7ec3b1 100755
--- a/elevate-cpanel
+++ b/elevate-cpanel
@@ -5609,6 +5609,9 @@ EOS
 
     sub _ssystem ( $command, %opts ) {
         my @args = @{ $command // [] };
+
+        return 42 if $args[0] !~ '^/' || !-x $args[0];
+
         INFO( "Running: " . join( " ", @args ) );
         INFO();    # Buffer so they can more easily read the output.
 
diff --git a/lib/Elevate/Roles/Run.pm b/lib/Elevate/Roles/Run.pm
index 9def633b..edc2c8fa 100644
--- a/lib/Elevate/Roles/Run.pm
+++ b/lib/Elevate/Roles/Run.pm
@@ -70,6 +70,10 @@ sub ssystem_and_die ( $self, @args ) {
 
 sub _ssystem ( $command, %opts ) {
     my @args = @{ $command // [] };
+
+    # Only allow the program to be an executable absolute path
+    return 42 if $args[0] !~ '^/' || !-x $args[0];
+
     INFO( "Running: " . join( " ", @args ) );
     INFO();    # Buffer so they can more easily read the output.
 
diff --git a/t/ssystem.t b/t/ssystem.t
index 892a9a36..8a2d96e1 100644
--- a/t/ssystem.t
+++ b/t/ssystem.t
@@ -23,6 +23,11 @@ my $mock_log_file = Test::MockFile->file('/var/log/elevate-cpanel.log');
 
 my $cpev = cpev->new->_init;
 
+is( cpev->ssystem('nope'), 42, q[ssystem( 'nope' ) is disallowed] );
+is( cpev->ssystem('grep'), 42, 'Commands that are not absolute paths are not allowed' );
+
+is( cpev->ssystem('/etc/apache2/conf/httpd.conf'), 42, 'Commands that are not executable are not allowed' );
+
 is( cpev->ssystem("/bin/true"), 0, q[ssystem( "/bin/true" ) == 0] );
 isnt( my $status_false = cpev->ssystem("/bin/false"), 0, q[ssystem( "/bin/false" ) != 0] );