diff --git a/CHANGES/plugin_api/5912.bugfix b/CHANGES/plugin_api/5912.bugfix
new file mode 100644
index 0000000000..42cd05d5ad
--- /dev/null
+++ b/CHANGES/plugin_api/5912.bugfix
@@ -0,0 +1 @@
+Downloaders now always ensure the download ends up under `WORKING_DIRECTORY`.
diff --git a/pulpcore/download/base.py b/pulpcore/download/base.py
index d5c25a7d9b..eb65470245 100644
--- a/pulpcore/download/base.py
+++ b/pulpcore/download/base.py
@@ -5,8 +5,10 @@
 import logging
 import os
 import tempfile
+from pathlib import Path
 from urllib.parse import urlsplit
 
+from django.conf import settings
 from pulpcore.app import pulp_hashlib
 from pulpcore.app.models import Artifact
 from pulpcore.exceptions import (
@@ -127,7 +129,13 @@ def _ensure_writer_has_open_file(self):
             # write the file to the current working directory with a random prefix and the
             # desired suffix. we always want the random prefix as it is possible to download
             # the same filename from two different URLs, and the files may not be the same.
-            self._writer = tempfile.NamedTemporaryFile(dir=".", suffix=suffix, delete=False)
+            # Ensure CWD is in Pulp's working directory to prevent permission error on download
+            work_dir = str(settings.WORKING_DIRECTORY)
+            self._writer = tempfile.NamedTemporaryFile(
+                dir="." if Path.cwd().is_relative_to(work_dir) else work_dir,
+                suffix=suffix,
+                delete=False,
+            )
             self.path = self._writer.name
             self._digests = {n: pulp_hashlib.new(n) for n in Artifact.DIGEST_FIELDS}
             self._size = 0