diff --git a/webapp/src/Controller/Team/ClarificationController.php b/webapp/src/Controller/Team/ClarificationController.php
index 8134a4e2bd..0010a3d3c3 100644
--- a/webapp/src/Controller/Team/ClarificationController.php
+++ b/webapp/src/Controller/Team/ClarificationController.php
@@ -101,9 +101,12 @@ public function viewAction(Request $request, int $clarId): Response
             throw new HttpException(401, 'Permission denied');
         }
 
-        // Get the "parent" message if we have one.
+        // Get the "parent" message if we have one - if we have access to it
         if ($clarification->getInReplyTo()) {
-            $clarification = $clarification->getInReplyTo();
+            $parent = $clarification->getInReplyTo();
+            if ($team->canViewClarification($parent)) {
+                $clarification = $parent;
+            }
         }
 
         // Mark clarification as read.