diff --git a/src/GraphQL/Queries/EntryQuery.php b/src/GraphQL/Queries/EntryQuery.php
index 9e2e870ff9..bb6f2d0577 100644
--- a/src/GraphQL/Queries/EntryQuery.php
+++ b/src/GraphQL/Queries/EntryQuery.php
@@ -69,7 +69,7 @@ public function resolve($root, $args)
             $query->where('site', $site);
         }
 
-        $filters = $args['filter'] ?? null;
+        $filters = $args['filter'] ?? [];
 
         $this->filterQuery($query, $filters);
 
@@ -107,7 +107,7 @@ public function resolve($root, $args)
 
     private function filterQuery($query, $filters)
     {
-        if (! isset($filters['status']) && ! isset($filters['published'])) {
+        if (! request()->isLivePreview() && (! isset($filters['status']) && ! isset($filters['published']))) {
             $filters['status'] = 'published';
         }
 
diff --git a/tests/Feature/GraphQL/EntryTest.php b/tests/Feature/GraphQL/EntryTest.php
index c4593d1da1..e54dacdb72 100644
--- a/tests/Feature/GraphQL/EntryTest.php
+++ b/tests/Feature/GraphQL/EntryTest.php
@@ -4,6 +4,7 @@
 
 use Facades\Statamic\API\FilterAuthorizer;
 use Facades\Statamic\API\ResourceAuthorizer;
+use Facades\Statamic\CP\LivePreview;
 use Facades\Statamic\Fields\BlueprintRepository;
 use Facades\Tests\Factories\EntryFactory;
 use PHPUnit\Framework\Attributes\DataProvider;
@@ -755,4 +756,44 @@ public function it_only_shows_published_entries_by_default()
                 'title' => 'That will be so rad!',
             ]]]);
     }
+
+    #[Test]
+    public function it_only_shows_unpublished_entries_with_token()
+    {
+        FilterAuthorizer::shouldReceive('allowedForSubResources')
+            ->andReturn(['published', 'status']);
+
+        $entry = EntryFactory::collection('blog')
+            ->id('6')
+            ->slug('that-was-so-rad')
+            ->data(['title' => 'That was so rad!'])
+            ->published(false)
+            ->create();
+
+        LivePreview::tokenize('test-token', $entry);
+
+        $query = <<<'GQL'
+{
+    entry(id: "6") {
+        id
+        title
+    }
+}
+GQL;
+
+        $this
+            ->withoutExceptionHandling()
+            ->post('/graphql', ['query' => $query])
+            ->assertGqlOk()
+            ->assertExactJson(['data' => ['entry' => null]]);
+
+        $this
+            ->withoutExceptionHandling()
+            ->post('/graphql?token=test-token', ['query' => $query])
+            ->assertGqlOk()
+            ->assertExactJson(['data' => ['entry' => [
+                'id' => '6',
+                'title' => 'That was so rad!',
+            ]]]);
+    }
 }