diff --git a/CHANGES b/CHANGES
index 8cdc5522f7..92c0c05585 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
 v3.x.y - YYYY-MMM-DD (to be released)
 -------------------------------------
 
+  - Add WRDE_NOCMD to wordexp call
+    [Issue #3024 - @sahruldotid, @martinhsv]
   - Fix: validateDTD compile fails if when libxml2 not installed
     [Issue #3014 - @zangobot, @martinhsv]
   - Fix memory leak of validateDTD's dtd object
diff --git a/src/utils/system.cc b/src/utils/system.cc
index 690b5936a6..69b904042b 100644
--- a/src/utils/system.cc
+++ b/src/utils/system.cc
@@ -1,6 +1,6 @@
 /*
  * ModSecurity, http://www.modsecurity.org/
- * Copyright (c) 2015 - 2021 Trustwave Holdings, Inc. (http://www.trustwave.com/)
+ * Copyright (c) 2015 - 2023 Trustwave Holdings, Inc. (http://www.trustwave.com/)
  *
  * You may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
@@ -130,6 +130,7 @@ std::list<std::string> expandEnv(const std::string& var, int flags) {
             for (char** exp = p.gl_pathv; *exp; ++exp) {
 #else
     wordexp_t p;
+    flags = flags | WRDE_NOCMD;
     if (wordexp(var.c_str(), &p, flags) == false) {
         if (p.we_wordc) {
             for (char** exp = p.we_wordv; *exp; ++exp) {