diff --git a/runtime/autoload/tar.vim b/runtime/autoload/tar.vim
index 6695a4d22d..a269d8d178 100644
--- a/runtime/autoload/tar.vim
+++ b/runtime/autoload/tar.vim
@@ -17,6 +17,7 @@
 " 2025 Apr 16 by Vim Project: decouple from netrw by adding s:WinPath()
 " 2025 May 19 by Vim Project: restore working directory after read/write
 " 2025 Jul 13 by Vim Project: warn with path traversal attacks
+" 2026 Feb 06 by Vim Project: consider 'nowrapscan' (#19333)
 "
 " Contains many ideas from Michael Toren's
 "
@@ -225,7 +226,7 @@ fun! tar#Browse(tarfile)
   " remove tar: Removing leading '/' from member names
   " Note: the message could be localized
-  if search('^tar: ') > 0 || search(g:tar_leading_pat) > 0
+  if search('^tar: ', 'w') > 0 || search(g:tar_leading_pat, 'w') > 0
     call append(3,'" Note: Path Traversal Attack detected!')
     let b:leading_slash = 1
     " remove the message output
diff --git a/test/old/testdir/test_plugin_tar.vim b/test/old/testdir/test_plugin_tar.vim
index a6f2158673..9fab170b13 100644
--- a/test/old/testdir/test_plugin_tar.vim
+++ b/test/old/testdir/test_plugin_tar.vim
@@ -125,3 +125,24 @@ func Test_tar_evil()
   bw!
 endfunc
+
+func Test_tar_path_traversal_with_nowrapscan()
+  call s:CopyFile("evil.tar")
+  defer delete("X.tar")
+  " Make sure we still find the tar warning (or leading slashes) even when
+  " wrapscan is off
+  set nowrapscan
+  e X.tar
+  "## Check header
+  call assert_match('^" tar\.vim version v\d\+', getline(1))
+  call assert_match('^" Browsing tarfile .*/X.tar', getline(2))
+  call assert_match('^" Select a file with cursor and press ENTER, "x" to extract a file', getline(3))
+  call assert_match('^" Note: Path Traversal Attack detected', getline(4))
+  call assert_match('^$', getline(5))
+  call assert_match('/etc/ax-pwn', getline(6))
+
+  call assert_equal(1, b:leading_slash)
+
+  bw!
+endfunc
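Review bot: The 'w' flag on the changed `if` line removes the dependence on 'wrapscan', but the path-traversal detection is still a cursor-relative search() evaluated under the user's 'ignorecase'/'smartcase' (and, per the search() docs, 'magic') settings, so a security check remains sensitive to option state. An option-independent form that inspects the buffer directly is `if !empty(filter(getline(1, '$'), {_, l -> l =~# '^tar: ' || l =~# g:tar_leading_pat}))`, since `=~#` is case-sensitive and is always evaluated as if 'magic' were set. That variant also leaves the cursor where it is, whereas the two search() calls move it; if the code after the hunk relies on the cursor sitting on the tar message, that would need a look (tar#Browse starts before this hunk and continues after it). The existing comment already notes the message may be localized, so the check stays best-effort either way and is worth saying so in the changelog line too.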
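Review bot: `set nowrapscan` is never restored, so the option leaks into every test that runs after Test_tar_path_traversal_with_nowrapscan in this file; the `defer delete("X.tar")` only cleans up the copied archive. Restore it the same way, e.g. add `defer execute('set wrapscan&')` directly after the `set nowrapscan` line, or `set wrapscan&` before the final `bw!`. The test also only proves the warning line is present; it does not pin where the cursor is when the search runs, so a later change that repositions the cursor before the check could make the test pass without exercising the wrap-around path — if that matters, a short comment stating the assumed cursor position would at least make the intent explicit.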