diff --git a/typo3/sysext/backend/Classes/Security/CategoryPermissionsAspect.php b/typo3/sysext/backend/Classes/Security/CategoryPermissionsAspect.php
index 06d299e913d82734dbb82213da16aa174d1eca45..ee04fc61041a16bd0dd1b90a59bcfda8fc224311 100644
--- a/typo3/sysext/backend/Classes/Security/CategoryPermissionsAspect.php
+++ b/typo3/sysext/backend/Classes/Security/CategoryPermissionsAspect.php
@@ -17,7 +17,9 @@ namespace TYPO3\CMS\Backend\Security;
 use TYPO3\CMS\Backend\Tree\TreeNode;
 use TYPO3\CMS\Backend\Tree\TreeNodeCollection;
 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
+use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Tree\TableConfiguration\DatabaseTreeDataProvider;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
 /**
 * We do not have AOP in TYPO3 for now, thus the aspect which
@@ -69,6 +71,15 @@ class CategoryPermissionsAspect
 if (!empty($categoryMountPoints) && !empty($treeNodeCollection)) {
+ // Check the rootline against categoryMountPoints when tree was filtered
+ if ($dataProvider->getRootUid() !== null) {
+ $uidsInRootline = $this->findUidsInRootline($dataProvider->getRootUid());
+ if (!empty(array_intersect($categoryMountPoints, $uidsInRootline))) {
+ // One of the parents was found in categoryMountPoints so all children are secure
+ return;
+ }
+ }
+
 // First, remove all child nodes which must be analysed to be considered as "secure".
 // The nodes were backed up in variable $treeNodeCollection beforehand.
 $treeData->removeChildNodes();
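Review bot: The early `return` skips the mount-point filtering for the whole tree, yet its guard `$dataProvider->getRootUid() !== null` would also let a root uid of `0` through if the provider can report that for "no root", and the rootline lookup then runs for a uid that can have no parents. That case ends with an empty rootline and falls through to the filtering below, so it fails closed, but reading the value once and testing it as an integer is tighter: `$rootUid = (int)$dataProvider->getRootUid();` followed by `if ($rootUid > 0) {`. `array_intersect()` compares by string value, so the comment should state that both lists hold plain uids; a mount-point entry with surrounding whitespace would silently never match. The enclosing method starts and ends outside this hunk.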
@@ -122,4 +133,31 @@ class CategoryPermissionsAspect
 }
 return $result;
 }
+
+ /**
+ * Find parent uids in rootline
+ *
+ * @param int $uid
+ * @return array
+ */
+ protected function findUidsInRootline($uid)
+ {
+ /** @var \TYPO3\CMS\Core\Database\Query\QueryBuilder $queryBuilder */
+ $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($this->categoryTableName);
+ $row = $queryBuilder
+ ->select('parent')
+ ->from($this->categoryTableName)
+ ->where(
+ $queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT))
+ )
+ ->execute()
+ ->fetch();
+
+ $parentUids = [];
+ if ($row['parent'] > 0) {
+ $parentUids = $this->findUidsInRootline($row['parent']);
+ $parentUids[] = $row['parent'];
+ }
+ return $parentUids;
+ }
 }
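Review bot: `findUidsInRootline()` recurses once per `parent` hop with no bound, so a parent loop in the category table recurses until PHP runs out of stack or memory; nothing in the hunk prevents that, and this method now sits in front of a permission decision. The result of `->fetch()` is also used unchecked: it is `false` when no row matches the uid, and `$row['parent']` is then read from a non-array. An iterative walk with a set of visited uids covers both, sketched below; it returns the parents nearest-first rather than root-first, which the `array_intersect()` caller in the previous hunk does not depend on. The docblock could also say that the returned list excludes `$uid` itself.

```php
protected function findUidsInRootline($uid)
{
    $parentUids = [];
    $currentUid = (int)$uid;
    // Visited set: stops the walk if the parent chain loops back on itself.
    $seen = [$currentUid => true];
    while ($currentUid > 0) {
        $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($this->categoryTableName);
        $row = $queryBuilder
            // … unchanged: select('parent')->from($this->categoryTableName) …
            ->where(
                $queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($currentUid, \PDO::PARAM_INT))
            )
            // … unchanged: execute()->fetch() …
        // fetch() yields false when no row matches; treat that as the top of the rootline.
        $currentUid = is_array($row) ? (int)$row['parent'] : 0;
        if ($currentUid <= 0 || isset($seen[$currentUid])) {
            break;
        }
        $seen[$currentUid] = true;
        $parentUids[] = $currentUid;
    }
    return $parentUids;
}
```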