diff --git a/apps/meteor/app/lib/server/methods/getMessages.ts b/apps/meteor/app/lib/server/methods/getMessages.ts
index 46c88152d59..bf34b0a75d9 100644
--- a/apps/meteor/app/lib/server/methods/getMessages.ts
+++ b/apps/meteor/app/lib/server/methods/getMessages.ts
@@ -3,7 +3,7 @@ import { check } from 'meteor/check';
 import type { IMessage } from '@rocket.chat/core-typings';
 
 import { canAccessRoomId } from '../../../authorization/server';
-import { Messages } from '../../../models/server';
+import { Messages, Rooms } from '../../../models/server';
 
 Meteor.methods({
 	getMessages(messages) {
@@ -16,9 +16,22 @@ Meteor.methods({
 
 		const msgs = Messages.findVisibleByIds(messages).fetch() as IMessage[];
 		const rids = [...new Set(msgs.map((m) => m.rid))];
+		const prids = [
+			...new Set(
+				rids.reduce((prids, rid) => {
+					const room = Rooms.findOneById(rid);
 
-		if (!rids.every((_id) => canAccessRoomId(_id, uid))) {
-			throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'getSingleMessage' });
+					if (room?.prid) {
+						prids.push(room.prid);
+					}
+
+					return prids;
+				}, []),
+			),
+		];
+
+		if (!rids.every((_id) => canAccessRoomId(_id, uid)) || !prids.every((_id) => canAccessRoomId(_id, uid))) {
+			throw new Meteor.Error('error-not-allowed', 'Not allowed', 'getSingleMessage');
 		}
 
 		return msgs;
diff --git a/apps/meteor/server/methods/loadHistory.js b/apps/meteor/server/methods/loadHistory.js
index eef6bf10cb2..7795bd4ee77 100644
--- a/apps/meteor/server/methods/loadHistory.js
+++ b/apps/meteor/server/methods/loadHistory.js
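Review bot: The parent check built in the reduce climbs only one level — `Rooms.findOneById(rid)` yields the message room's `prid`, and that parent's own `prid` is never consulted, so if a discussion can itself be opened inside a discussion, a reader who lost access to the top-level room presumably still passes here; either walk the `prid` chain until a room without one, or record in a comment why one level is sufficient. The loop also issues one `findOneById` per distinct room and loads the whole document while only `prid` is read; a single batched lookup projected to `{ fields: { prid: 1 } }` would reduce that to one query, if the model offers such a finder. In the rewritten throw the details argument changed from the `{ method: ... }` object the file used before to a bare string, and it still names `'getSingleMessage'` rather than this method: `throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'getMessages' });`. The lines defining `uid` and the method signature lie outside this hunk.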
@@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor';
 import { check } from 'meteor/check';
 
 import { Subscriptions, Rooms } from '../../app/models/server';
-import { canAccessRoom, hasPermission, roomAccessAttributes } from '../../app/authorization/server';
+import { canAccessRoom, canAccessRoomId, hasPermission, roomAccessAttributes } from '../../app/authorization/server';
 import { settings } from '../../app/settings/server';
 import { loadMessageHistory } from '../../app/lib/server';
 
@@ -19,6 +19,7 @@ Meteor.methods({
 		const fromId = Meteor.userId();
 
 		const room = Rooms.findOneById(rid, { fields: { ...roomAccessAttributes, t: 1 } });
+
 		if (!room) {
 			return false;
 		}
@@ -27,6 +28,10 @@ Meteor.methods({
 			return false;
 		}
 
+		if (room.prid && !canAccessRoomId(room.prid, fromId)) {
+			return false;
+		}
+
 		const canAnonymous = settings.get('Accounts_AllowAnonymousRead');
 		const canPreview = hasPermission(fromId, 'preview-c-room');
 
diff --git a/apps/meteor/server/methods/loadSurroundingMessages.js b/apps/meteor/server/methods/loadSurroundingMessages.js
index 4fa92b0e79a..75eae0420d3 100644
--- a/apps/meteor/server/methods/loadSurroundingMessages.js
+++ b/apps/meteor/server/methods/loadSurroundingMessages.js
@@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor';
 import { check } from 'meteor/check';
 
 import { canAccessRoomId } from '../../app/authorization/server';
-import { Messages } from '../../app/models/server';
+import { Messages, Rooms } from '../../app/models/server';
 import { settings } from '../../app/settings/server';
 import { normalizeMessagesForUser } from '../../app/utils/server/lib/normalizeMessagesForUser';
 
@@ -33,6 +33,12 @@ Meteor.methods({
 			return false;
 		}
 
+		const room = Rooms.findOneById(message.rid);
+		if (room.prid && !canAccessRoomId(room.prid, fromId)) {
+			return false;
+		}
+
 		limit -= 1;
 
 		const options = {
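Review bot: The added guard reads `room.prid`, but `room` was fetched in the previous hunk with an explicit projection, `{ fields: { ...roomAccessAttributes, t: 1 } }`; unless `roomAccessAttributes` already includes `prid` (its definition is not visible here), the field is never loaded, `room.prid` is undefined and the check silently passes for every discussion. Making the dependency explicit avoids relying on that helper's contents: `const room = Rooms.findOneById(rid, { fields: { ...roomAccessAttributes, t: 1, prid: 1 } });`. As in the other two files the check stops at the immediate parent and is repeated per method rather than living inside `canAccessRoom`, so any other read path that checks only the discussion room would miss it — worth a comment here or a follow-up that centralizes it. The loadHistory function starts before this hunk and continues after it.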
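Review bot: `room.prid` is dereferenced without a null check immediately after `Rooms.findOneById(message.rid)`; nothing in this hunk shows that the room is guaranteed to exist, and a message whose room has been deleted would make the method throw a TypeError instead of returning `false` like the surrounding guards do. The getMessages change in this same commit uses `room?.prid` for the identical lookup; mirroring it, and fetching only the field that is read, gives `const room = Rooms.findOneById(message.rid, { fields: { prid: 1 } });` followed by `if (room?.prid && !canAccessRoomId(room.prid, fromId)) {`. This check is also one level deep, so a discussion nested inside a discussion is validated only against its immediate parent. The enclosing method starts before this hunk and its body continues past `const options = {`.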