diff --git a/taiga/projects/tasks/api.py b/taiga/projects/tasks/api.py
index dfb3c553..348b4b7f 100644
--- a/taiga/projects/tasks/api.py
+++ b/taiga/projects/tasks/api.py
@@ -52,13 +52,16 @@ class TaskViewSet(OCCResourceMixin, HistoryResourceMixin, WatchedResourceMixin,
         super().pre_conditions_on_save(obj)
 
         if obj.milestone and obj.milestone.project != obj.project:
-            raise exc.PermissionDenied(_("You don't have permissions for add/modify this task."))
+            raise exc.WrongArguments(_("You don't have permissions for add/modify this task."))
 
         if obj.user_story and obj.user_story.project != obj.project:
-            raise exc.PermissionDenied(_("You don't have permissions for add/modify this task."))
+            raise exc.WrongArguments(_("You don't have permissions for add/modify this task."))
 
         if obj.status and obj.status.project != obj.project:
-            raise exc.PermissionDenied(_("You don't have permissions for add/modify this task."))
+            raise exc.WrongArguments(_("You don't have permissions for add/modify this task."))
+
+        if obj.milestone and obj.user_story and obj.milestone != obj.user_story.milestone:
+            raise exc.WrongArguments(_("You don't have permissions for add/modify this task."))
 
     @list_route(methods=["POST"])
     def bulk_create(self, request, **kwargs):
diff --git a/tests/integration/test_tasks.py b/tests/integration/test_tasks.py
index 6418eba8..c7c9e6ad 100644
--- a/tests/integration/test_tasks.py
+++ b/tests/integration/test_tasks.py
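Review bot: The error text "You don't have permissions for add/modify this task." is reused on the newly added milestone/user-story consistency check, but that condition is a payload validation failure, not an authorization failure, and the switch from `exc.PermissionDenied` to `exc.WrongArguments` on the three cross-project checks makes the same message misleading there as well. Since the API now answers these rejections as bad requests, the message should describe what is wrong so a client can correct it, e.g. `raise exc.WrongArguments(_("The milestone of the task must match the milestone of its user story."))` for the new check, and a "must belong to the same project" wording for the other three. Note also that the new condition fires when the task has a milestone but `obj.user_story.milestone` is `None`; if a task is allowed to be scheduled while its user story stays in the backlog, the comparison needs an explicit `obj.user_story.milestone is not None` guard — I cannot tell from this hunk which behaviour is intended, so a short comment stating the rule would help. The enclosing `pre_conditions_on_save` method begins above this hunk, so the cross-project checks still cover both create and update paths that route through it.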
@@ -61,3 +61,24 @@ def test_api_create_in_bulk_with_status(client):
     assert response.status_code == 200
     assert response.data[0]["status"] == us.project.default_task_status.id
+
+
+def test_api_create_invalid_task(client):
+    # Associated to a milestone and a user story.
+    # But the User Story is not associated with the milestone
+    us_milestone = f.MilestoneFactory.create()
+    us = f.create_userstory(milestone=us_milestone)
+    task_milestone = f.MilestoneFactory.create(project=us.project, owner=us.owner)
+
+    url = reverse("tasks-list")
+    data = {
+        "user_story": us.id,
+        "milestone": task_milestone.id,
+        "subject": "Testing subject",
+        "status": us.project.default_task_status.id,
+        "project": us.project.id
+    }
+
+    client.login(us.owner)
+    response = client.json.post(url, json.dumps(data))
+    assert response.status_code == 400
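Review bot: `assert response.status_code == 400` alone does not show that the request was rejected by the new milestone/user-story check rather than by some other validation of the payload, so the test would keep passing if that check were removed and another field failed. Assert on the error message in the response body as well, or add a companion case that posts the same payload with `"milestone": us_milestone.id` and checks for the success status the endpoint returns, which pins the positive side of the rule. The test also exercises only the create path; if `pre_conditions_on_save` runs on update too (the method is outside this diff), a PATCH that moves the task to a milestone different from its user story's deserves the same 400 assertion.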