diff --git a/src/backend/src/api/APIError.js b/src/backend/src/api/APIError.js
index eb16f341d4..50a8dc933c 100644
--- a/src/backend/src/api/APIError.js
+++ b/src/backend/src/api/APIError.js
@@ -97,7 +97,7 @@ module.exports = class APIError {
 message: 'Cannot copy an item to the root directory.',
 },
 'cannot_write_to_root': {
- status: 422,
+ status: 403,
 message: 'Cannot write an item to the root directory.',
 },
 'cannot_overwrite_a_directory': {
diff --git a/src/puter-js/src/modules/FileSystem/operations/mkdir.js b/src/puter-js/src/modules/FileSystem/operations/mkdir.js
index c256ab6547..fc77a97f5f 100644
--- a/src/puter-js/src/modules/FileSystem/operations/mkdir.js
+++ b/src/puter-js/src/modules/FileSystem/operations/mkdir.js
@@ -25,7 +25,7 @@ const mkdir = function (...args) {
 }
 return new Promise(async (resolve, reject) => {
- // If auth token is not provided and we are in the web environment,
+ // If auth token is not provided and we are in the web environment,
 // try to authenticate with Puter
 if(!puter.authToken && puter.env === 'web'){
 try{
@@ -44,6 +44,19 @@ const mkdir = function (...args) {
 options.path = getAbsolutePathForApp(options.path);
+ // Check if trying to create directory in root (after resolving absolute path)
+ if (options.path === '/' || path.dirname(options.path) === '/') {
+ const errorResponse = {
+ status: 403,
+ message: "Cannot write an item to the root directory."
+ };
+ if (options.error) options.error(errorResponse);
+ reject(errorResponse);
+ return;
+ }
+
+
+
 xhr.send(JSON.stringify({
 parent: path.dirname(options.path),
 path: path.basename(options.path),
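Review bot: The root-directory check added before `xhr.send(...)` in mkdir.js runs only in the client library, so it is a fast-fail convenience and not an enforcement point; the backend `cannot_write_to_root` rule has to remain the authority, and the comment should say so, e.g. `// Client-side fast-fail only; the server still enforces cannot_write_to_root.` The test is an exact string comparison on `options.path` and `path.dirname(options.path)`, so whether a path that is not already normalised is caught depends on what `getAbsolutePathForApp` returns, which is not visible in this hunk. The rejected object also hard-codes `status: 403` and the message text, duplicating the APIError entry changed in the first hunk, so the two can drift; if server errors carry a code field (not shown here), adding `code: 'cannot_write_to_root',` would keep the shape callers see consistent. The three blank `+` lines after the closing brace can be reduced to one. The body of mkdir starts and ends outside the hunk.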