diff --git a/changelog/23802.txt b/changelog/23802.txt
new file mode 100644
index 0000000000..49caebc4fc
--- /dev/null
+++ b/changelog/23802.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core/mounts: Fix reading an "auth" mount using "sys/internal/ui/mounts/" when filter paths are enforced returns 500 error code from the secondary
+```
diff --git a/vault/logical_system.go b/vault/logical_system.go
index e704926e20..af17fe2544 100644
--- a/vault/logical_system.go
+++ b/vault/logical_system.go
@@ -4325,7 +4325,12 @@ func (b *SystemBackend) pathInternalUIMountRead(ctx context.Context, req *logica
 		return errResp, logical.ErrPermissionDenied
 	}
 
-	filtered, err := b.Core.checkReplicatedFiltering(ctx, me, "")
+	var routerPrefix string
+	if strings.HasPrefix(me.APIPathNoNamespace(), credentialRoutePrefix) {
+		routerPrefix = credentialRoutePrefix
+	}
+
+	filtered, err := b.Core.checkReplicatedFiltering(ctx, me, routerPrefix)
 	if err != nil {
 		return nil, err
 	}