diff --git a/src/context/directory/handlers/actionModules.ts b/src/context/directory/handlers/actionModules.ts
index 09c06c9ad..eb90d69a1 100644
--- a/src/context/directory/handlers/actionModules.ts
+++ b/src/context/directory/handlers/actionModules.ts
@@ -31,6 +31,11 @@ function parse(context: DirectoryContext): ParsedActionModules {
 // It can be a relative path, so we need to handle both cases.
 const unixPath = module.code.replace(/[\\/]+/g, '/').replace(/^([a-zA-Z]+:|\.\/)/, '');
 if (fs.existsSync(unixPath)) {
+ log.warn(
+ `Support for absolute paths and paths outside the config root will be deprecated in a future version to improve the security of the tool. ` +
+ `Please update your configuration to use paths relative to the config directory. ` +
+ `Current absolute path used: ["${module.code}"]`
+ );
 module.code = context.loadFile(unixPath, moduleFolder);
 } else {
 module.code = context.loadFile(path.join(context.filePath, module.code), moduleFolder);
diff --git a/src/context/directory/handlers/actions.ts b/src/context/directory/handlers/actions.ts
index 3396cbba0..25df66cec 100644
--- a/src/context/directory/handlers/actions.ts
+++ b/src/context/directory/handlers/actions.ts
@@ -32,6 +32,11 @@ function parse(context: DirectoryContext): ParsedActions {
 const unixPath = action.code.replace(/[\\/]+/g, '/').replace(/^([a-zA-Z]+:|\.\/)/, '');
 if (fs.existsSync(unixPath)) {
 // If the Unix-style path exists, load the file from that path
+ log.warn(
+ `Support for absolute paths and paths outside the config root will be deprecated in a future version to improve the security of the tool. ` +
+ `Please update your configuration to use paths relative to the config directory. ` +
+ `Current absolute path used: ["${action.code}"]`
+ );
 action.code = context.loadFile(unixPath, actionFolder);
 } else {
 // Otherwise, load the file from the context's file path
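Review bot: In `actionModules.ts` the new `log.warn` is gated on `fs.existsSync(unixPath)`, which says nothing about whether the file is absolute or outside the config root, so the warning and its text can disagree. `unixPath` has already lost any leading `./` or drive prefix, so a relative value that happens to exist under the working directory is reported as "absolute", while a value with `..` segments takes the `else` branch through `path.join(context.filePath, module.code)` and can leave the config root with no warning. The `actions.ts` hunk has the same condition and the same gap. Gating both on a containment test of the path that is actually loaded would make the warning cover what the message describes, e.g. `const rel = path.relative(path.resolve(context.filePath), path.resolve(candidate));` and warning when `rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)`, where `candidate` stands for whichever path is handed to `context.loadFile`. `parse` starts and ends outside both hunks, so the surrounding loop is not visible here.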
diff --git a/src/context/directory/handlers/databases.ts b/src/context/directory/handlers/databases.ts
index 69d611a75..99ffbb1ee 100644
--- a/src/context/directory/handlers/databases.ts
+++ b/src/context/directory/handlers/databases.ts
@@ -33,6 +33,7 @@ type DatabaseMetadata = {
 function getDatabase(
 folder: string,
+ configRoot: string,
 mappingOpts: { mappings: KeywordMappings; disableKeywordReplacement: boolean }
 ): {} {
 const metaFile = path.join(folder, 'database.json');
@@ -68,10 +69,16 @@ function getDatabase(
 // skip invalid keys in customScripts object
 log.warn('Skipping invalid database configuration: ' + name);
 } else {
- database.options.customScripts[name] = loadFileAndReplaceKeywords(
- path.join(folder, script),
- mappingOpts
- );
+ const resolvedBase = path.resolve(configRoot);
+ const toLoad = path.resolve(folder, script);
+ if (!toLoad.startsWith(resolvedBase + path.sep)) {
+ log.warn(
+ `Support for absolute paths and paths outside the config root will be deprecated in a future version to improve the security of the tool. ` +
+ `Please update your configuration to use paths relative to the config directory. ` +
+ `Current absolute path used: ["${script}"]`
+ );
+ }
+ database.options.customScripts[name] = loadFileAndReplaceKeywords(toLoad, mappingOpts);
 }
 });
 }
@@ -90,7 +97,7 @@ function parse(context: DirectoryContext): ParsedDatabases {
 const databases = folders
 .map((f) =>
- getDatabase(f, {
+ getDatabase(f, context.filePath, {
 mappings: context.mappings,
 disableKeywordReplacement: context.disableKeywordReplacement,
 })
diff --git a/src/context/directory/index.ts b/src/context/directory/index.ts
index 71eff04df..891e696ce 100644
--- a/src/context/directory/index.ts
+++ b/src/context/directory/index.ts
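Review bot: In the `customScripts` hunk of `databases.ts`, replacing `path.join(folder, script)` with `path.resolve(folder, script)` changes what gets loaded, not only what gets warned about. `path.join` kept an absolute `script` underneath `folder`, whereas `path.resolve` discards `folder` and returns the absolute path itself, so an entry can now name any file the process can read. If the commit is meant only to warn, keep the load path as it was, `const toLoad = path.join(folder, script);`, and use the resolved form for the check alone. The `startsWith(resolvedBase + path.sep)` test is also fragile (it never matches when the config root is a filesystem root, and it compares case-sensitively, which can misfire on Windows); `const rel = path.relative(resolvedBase, path.resolve(toLoad));` with `if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel))` is sturdier. Neither form follows symlinks, which deserves a comment if links leading out of the config root should count as outside.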
@@ -52,6 +52,11 @@ export default class DirectoryContext {
 if (!isFile(toLoad)) {
 // try load not relative to yaml file
 toLoad = f;
+ log.warn(
+ `Support for absolute paths and paths outside the config root will be deprecated in a future version to improve the security of the tool. ` +
+ `Please update your configuration to use paths relative to the config directory. ` +
+ `Current absolute path used: ["${f}"]`
+ );
 }
 return loadFileAndReplaceKeywords(toLoad, {
 mappings: this.mappings,
diff --git a/src/context/yaml/index.ts b/src/context/yaml/index.ts
index 24dc683bf..5a965cd9f 100644
--- a/src/context/yaml/index.ts
+++ b/src/context/yaml/index.ts
@@ -62,6 +62,11 @@ export default class YAMLContext {
 if (!isFile(toLoad)) {
 // try load not relative to yaml file
 toLoad = f;
+ log.warn(
+ `Support for absolute paths and paths outside the config root will be deprecated in a future version to improve the security of the tool. ` +
+ `Please update your configuration to use paths relative to the config directory. ` +
+ `Current absolute path used: ["${f}"]`
+ );
 }
 return loadFileAndReplaceKeywords(path.resolve(toLoad), {
 mappings: this.mappings,
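Review bot: In `directory/index.ts` the warning is attached to the `toLoad = f` fallback before anything establishes that `f` exists or lies outside the config root. A mistyped file name therefore produces the deprecation warning followed by a load failure, while a value with `..` segments that resolves to a real file through the joined path never enters this branch and is not flagged; the `yaml/index.ts` hunk has the same shape. If this method is the one the handlers reach through `context.loadFile` (its signature is outside the hunk), entries already warned about in `actionModules.ts` and `actions.ts` will be reported a second time here. Running one containment check on the final `toLoad` just before the `return`, through a single shared helper such as a hypothetical `warnIfOutsideRoot(toLoad, root)`, would replace the five copies of the template string and keep the condition and the message in step.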