diff --git a/core/server/models/base/index.js b/core/server/models/base/index.js index 08841d7c1f..06982017ff 100644 --- a/core/server/models/base/index.js +++ b/core/server/models/base/index.js @@ -277,6 +277,11 @@ ghostBookshelf.Model = ghostBookshelf.Model.extend({ // Run specific conversion of model query options to where options options = this.processOptions(itemCollection, options); + // Ensure only valid fields/columns are added to query + if (options.columns) { + options.columns = _.intersection(options.columns, this.prototype.permittedAttributes()); + } + // Prefetch filter objects return Promise.all(baseUtils.filtering.preFetch(filterObjects)).then(function doQuery() { // If there are `where` conditionals specified, add those to the query. diff --git a/core/test/integration/api/api_posts_spec.js b/core/test/integration/api/api_posts_spec.js index 70ec48c818..904d620d9a 100644 --- a/core/test/integration/api/api_posts_spec.js +++ b/core/test/integration/api/api_posts_spec.js 
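Review bot: After the intersection, an `options.columns` that contained only unknown names becomes `[]`, and the guard `if (options.columns)` still passes, so the query is built with an empty column list; depending on how the query builder treats that, a caller asking for `fields=foo` may silently get every column back instead of an error, which undercuts the point of the whitelist. Consider treating an empty result as a validation failure before the query is built, e.g. `if (options.columns.length === 0) { /* reject with the project's validation error */ }`, or at minimum add a test for an all-invalid `fields` value (the test hunk only covers the mixed `foo,title` case). The new code also assumes `options.columns` already arrives as an array; if a raw comma-separated string could reach this point, `_.intersection` would treat it as a list of characters and empty it, so a comment such as `// options.columns is expected to be an array of column names (split upstream)` would make that contract explicit. The enclosing method starts and ends outside this hunk.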
@@ -241,6 +241,43 @@ describe('Post API', function () {
                 done();
             });
         });
+
+        it('with context.user can fetch a single field', function (done) {
+            PostAPI.browse({context: {user: 1}, status: 'all', limit: 5, fields: 'title'}).then(function (results) {
+                should.exist(results.posts);
+
+                results.posts[0].title.should.exist;
+                should.not.exist(results.posts[0].slug);
+
+                done();
+            }).catch(done);
+        });
+
+        it('with context.user can fetch multiple fields', function (done) {
+            PostAPI.browse({context: {user: 1}, status: 'all', limit: 5, fields: 'slug,published_at'}).then(function (results) {
+                should.exist(results.posts);
+
+                results.posts[0].published_at.should.exist;
+                results.posts[0].slug.should.exist;
+                should.not.exist(results.posts[0].title);
+
+                done();
+            }).catch(done);
+        });
+
+        it('with context.user can fetch a field and not return invalid field', function (done) {
+            PostAPI.browse({context: {user: 1}, status: 'all', limit: 5, fields: 'foo,title'}).then(function (results) {
+                var objectKeys;
+                should.exist(results.posts);
+
+                results.posts[0].title.should.exist;
+                should.not.exist(results.posts[0].foo);
+                objectKeys = _.keys(results.posts[0]);
+                objectKeys.length.should.eql(1);
+
+                done();
+            }).catch(done);
+        });
     });
 
     describe('Read', function () {
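Review bot: The new tests mix `should.exist(x)` with the property form `x.should.exist` (for example `results.posts[0].published_at.should.exist`); the property form throws a TypeError when the value is `null` or `undefined` rather than reporting an assertion failure, which matters here because `status: 'all'` may well place a draft with no `published_at` at index 0. Use the function form consistently, `should.exist(results.posts[0].published_at);` and `should.exist(results.posts[0].title);`, so a missing field fails with a readable message. All three cases also run only under `context: {user: 1}`; a public-context case would confirm that the same field whitelisting applies when no user is present. The enclosing `describe` starts outside this hunk.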