diff --git a/changelogs/unreleased/55376-related_merge_requests-api-call-returns-merge-requests-that-are-not-related-to-the-issue.yml b/changelogs/unreleased/55376-related_merge_requests-api-call-returns-merge-requests-that-are-not-related-to-the-issue.yml
new file mode 100644
index 00000000000..d2f24d6f499
--- /dev/null
+++ b/changelogs/unreleased/55376-related_merge_requests-api-call-returns-merge-requests-that-are-not-related-to-the-issue.yml
@@ -0,0 +1,5 @@
+---
+title: 'API: Ensure that related merge requests are referenced cross-project'
+merge_request: 25222
+author: Robert Schilling
+type: fixed
diff --git a/spec/requests/api/issues_spec.rb b/spec/requests/api/issues_spec.rb
index cb6ccbb7053..8b704471487 100644
--- a/spec/requests/api/issues_spec.rb
+++ b/spec/requests/api/issues_spec.rb
@@ -1838,6 +1838,15 @@ describe API::Issues do
       expect_paginated_array_response([related_mr.id, merge_request.id])
     end
 
+    it 'does not generate references to projects with no access' do
+      private_project = create(:project, :private)
+      create_referencing_mr(private_project.creator, private_project, issue)
+
+      get_related_merge_requests(project.id, issue.iid, user)
+
+      expect_paginated_array_response(related_mr.id)
+    end
+
     context 'no merge request mentioned a issue' do
       it 'returns empty array' do
         get_related_merge_requests(project.id, closed_issue.iid, user)