diff --git a/backend/src/test/java/org/raddatz/familienarchiv/geschichte/GeschichteServiceTest.java b/backend/src/test/java/org/raddatz/familienarchiv/geschichte/GeschichteServiceTest.java
index 86cdd2a2..261b5bd9 100644
--- a/backend/src/test/java/org/raddatz/familienarchiv/geschichte/GeschichteServiceTest.java
+++ b/backend/src/test/java/org/raddatz/familienarchiv/geschichte/GeschichteServiceTest.java
@@ -307,6 +307,32 @@ class GeschichteServiceTest {
 assertThat(out).hasSizeLessThanOrEqualTo(200);
 }
+ @Test
+ @DisplayName("security: null status for blog writer returns PUBLISHED, never leaks drafts")
+ void list_with_blog_writer_and_null_status_returns_PUBLISHED_not_all_drafts() {
+ authenticateAs(writer, Permission.BLOG_WRITE);
+ when(geschichteRepository.findSummaries(any(), any(), any(), anyLong(), any()))
+ .thenReturn(List.of());
+
+ geschichteService.list(null, List.of(), null, 50);
+
+ verify(geschichteRepository).findSummaries(
+ eq(GeschichteStatus.PUBLISHED), isNull(), any(), anyLong(), any());
+ }
+
+ @Test
+ @DisplayName("security: DRAFT status scopes to current user only")
+ void list_with_DRAFT_status_scopes_to_current_user_not_all_authors() {
+ authenticateAs(writer, Permission.BLOG_WRITE);
+ when(geschichteRepository.findSummaries(any(), any(), any(), anyLong(), any()))
+ .thenReturn(List.of());
+
+ geschichteService.list(GeschichteStatus.DRAFT, List.of(), null, 50);
+
+ verify(geschichteRepository).findSummaries(
+ eq(GeschichteStatus.DRAFT), eq(writer.getId()), any(), anyLong(), any());
+ }
+
+ // ─── create ──────────────────────────────────────────────────────────────
+ @Test
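Review bot: Both new tests authenticate as `writer` with `Permission.BLOG_WRITE`, so the case that actually decides whether drafts can leak — a caller without `BLOG_WRITE` (or no principal at all) passing `GeschichteStatus.DRAFT` — is still not pinned by this hunk. A third test in the same shape, authenticated with whatever non-writer fixture the class already has, would call `geschichteService.list(GeschichteStatus.DRAFT, List.of(), null, 50);` and then assert `verify(geschichteRepository, never()).findSummaries(eq(GeschichteStatus.DRAFT), any(), any(), anyLong(), any());` (or `assertThrows` if the service rejects the request rather than downgrading it). The second test also leaves the third `list` argument `null`; if that argument is an author filter, a companion case passing another author's id should still verify `eq(writer.getId())`, otherwise the scoping could be bypassed by the caller supplying the filter. The enclosing `GeschichteServiceTest` class starts before and continues after this hunk.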