diff --git a/apps/files_external/lib/Controller/GlobalStoragesController.php b/apps/files_external/lib/Controller/GlobalStoragesController.php
index 9ee3c91783d9..c7609dd0a7a8 100644
--- a/apps/files_external/lib/Controller/GlobalStoragesController.php
+++ b/apps/files_external/lib/Controller/GlobalStoragesController.php
@@ -88,7 +88,7 @@ public function create(
 	) {
 		$canCreateNewLocalStorage = \OC::$server->getConfig()->getSystemValue('files_external_allow_create_new_local', false);
 
-		if ($backend === 'local' && $canCreateNewLocalStorage === false) {
+		if (($backend === 'local' || $backend === '\OC\Files\Storage\Local') && $canCreateNewLocalStorage === false) {
 			return new DataResponse(
 				null,
 				Http::STATUS_FORBIDDEN
diff --git a/apps/files_external/lib/Controller/UserStoragesController.php b/apps/files_external/lib/Controller/UserStoragesController.php
index 8c7a1e4efaae..7f2232e129ce 100644
--- a/apps/files_external/lib/Controller/UserStoragesController.php
+++ b/apps/files_external/lib/Controller/UserStoragesController.php
@@ -129,7 +129,7 @@ public function create(
 			);
 		}
 		$canCreateNewLocalStorage = \OC::$server->getConfig()->getSystemValue('files_external_allow_create_new_local', false);
-		if ($backend === 'local' && $canCreateNewLocalStorage === false) {
+		if (($backend === 'local' || $backend === '\OC\Files\Storage\Local') && $canCreateNewLocalStorage === false) {
 			return new DataResponse(
 				null,
 				Http::STATUS_FORBIDDEN
diff --git a/apps/files_external/tests/Controller/GlobalStoragesControllerTest.php b/apps/files_external/tests/Controller/GlobalStoragesControllerTest.php
index 6e45b6ca927f..3417a3b0695e 100644
--- a/apps/files_external/tests/Controller/GlobalStoragesControllerTest.php
+++ b/apps/files_external/tests/Controller/GlobalStoragesControllerTest.php
@@ -111,6 +111,38 @@ public function testCreate() {
 		$this->assertEquals($expectedStorage, $actual);
 	}
 
+	public function testCreateLocal() {
+		$mount = 'randomMount';
+		$backend = 'local';
+		$auth = 'identifier:\Random\Missing\Auth\Class';
+		$backendOpts = [
+			'datadir' => '/tmp',
+		];
+		$priority = 3;
+
+		// there is already a teardown in the parent class setting this value to false
+		\OC::$server->getSystemConfig()->setValue('files_external_allow_create_new_local', false);
+
+		$result = $this->controller->create($mount, $backend, $auth, $backendOpts, [], [], [], $priority);
+		$this->assertEquals(Http::STATUS_FORBIDDEN, $result->getStatus());
+	}
+
+	public function testCreateLocalClassname() {
+		$mount = 'randomMount';
+		$backend = '\OC\Files\Storage\Local';
+		$auth = 'identifier:\Random\Missing\Auth\Class';
+		$backendOpts = [
+			'datadir' => '/tmp',
+		];
+		$priority = 3;
+
+		// there is already a teardown in the parent class setting this value to false
+		\OC::$server->getSystemConfig()->setValue('files_external_allow_create_new_local', false);
+
+		$result = $this->controller->create($mount, $backend, $auth, $backendOpts, [], [], [], $priority);
+		$this->assertEquals(Http::STATUS_FORBIDDEN, $result->getStatus());
+	}
+
 	public function testUpdate() {
 		$mount = 'randomMount';
 		$backend = 'identifier:\This\Doesnt\Exist';
diff --git a/apps/files_external/tests/Controller/UserStoragesControllerTest.php b/apps/files_external/tests/Controller/UserStoragesControllerTest.php
index c20722b73c4f..51df05ebde2b 100644
--- a/apps/files_external/tests/Controller/UserStoragesControllerTest.php
+++ b/apps/files_external/tests/Controller/UserStoragesControllerTest.php
@@ -195,6 +195,38 @@ public function testCreate() {
 		$this->assertEquals($expectedStorage, $actual);
 	}
 
+	public function testCreateLocal() {
+		$mount = 'randomMount';
+		$backend = 'local';
+		$auth = 'identifier:\Random\Missing\Auth\Class';
+		$backendOpts = [
+			'datadir' => '/tmp',
+		];
+		$priority = 3;
+
+		// there is already a teardown in the parent class setting this value to false
+		\OC::$server->getSystemConfig()->setValue('files_external_allow_create_new_local', false);
+
+		$result = $this->controller->create($mount, $backend, $auth, $backendOpts, [], [], [], $priority);
+		$this->assertEquals(Http::STATUS_FORBIDDEN, $result->getStatus());
+	}
+
+	public function testCreateLocalClassname() {
+		$mount = 'randomMount';
+		$backend = '\OC\Files\Storage\Local';
+		$auth = 'identifier:\Random\Missing\Auth\Class';
+		$backendOpts = [
+			'datadir' => '/tmp',
+		];
+		$priority = 3;
+
+		// there is already a teardown in the parent class setting this value to false
+		\OC::$server->getSystemConfig()->setValue('files_external_allow_create_new_local', false);
+
+		$result = $this->controller->create($mount, $backend, $auth, $backendOpts, [], [], [], $priority);
+		$this->assertEquals(Http::STATUS_FORBIDDEN, $result->getStatus());
+	}
+
 	public function testUpdate() {
 		$mount = 'randomMount';
 		$backend = 'identifier:\This\Doesnt\Exist';
diff --git a/changelog/unreleased/41538 b/changelog/unreleased/41538
new file mode 100644
index 000000000000..81ba32f875c9
--- /dev/null
+++ b/changelog/unreleased/41538
@@ -0,0 +1,8 @@
+Bugfix: Prevent mounting local storage if not allowed.
+
+Mounting a local storage was possible if the internal class name was used as
+backend, despite local storage not allowed to be mounted. This problem is
+fixed and the local storage can't be mounted if is was explicitly disallowed in
+the configuration.
+
+https://github.com/owncloud/core/pull/41538