diff --git a/lib/Db/SharingACLMapper.php b/lib/Db/SharingACLMapper.php
index 47ea59e6..def4ad5b 100644
--- a/lib/Db/SharingACLMapper.php
+++ b/lib/Db/SharingACLMapper.php
@@ -42,7 +42,7 @@ class SharingACLMapper extends Mapper {
 * Gets the currently accepted share requests from the given user for the given vault guid
 * @param $user_id
 * @param $vault_id
- *
+ * @return SharingACL[]
 */
 public function getVaultEntries($user_id, $vault_id) {
 $q = "SELECT * FROM ". self::TABLE_NAME ." WHERE user_id = ? AND vault_guid = ?";
diff --git a/lib/Service/ShareService.php b/lib/Service/ShareService.php
index 3a4b47d6..4607289b 100644
--- a/lib/Service/ShareService.php
+++ b/lib/Service/ShareService.php
@@ -98,6 +98,9 @@ class ShareService {
 $return = [];
 foreach ($entries as $entry){
+ // Check if the user can read the credential, probably unnecesary, but just to be sure
+ if (!$entry->hasPermission(SharingACL::READ)) continue;
+
 $tmp = $entry->jsonSerialize();
 $tmp['credential_data'] = $this->credential->getCredentialById($entry->getItemId())->jsonSerialize();
 unset($tmp['credential_data']['shared_key']);
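Review bot: In the ShareService.php hunk, the added READ check is an authorization filter, but its comment calls it "probably unnecesary", which invites a later cleanup to delete it. State the rule instead, e.g. `// Access control: skip ACL entries that do not grant READ`, and brace the guard as `if (!$entry->hasPermission(SharingACL::READ)) { continue; }`. The hunk adds no `use` line, so confirm `SharingACL` is already imported in this file; otherwise the constant would resolve against the service's own namespace and fail at runtime. Any other code path that returns a shared credential should presumably apply the same check, though none is visible here. The enclosing method starts before the hunk and the `foreach` body continues past it.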