diff --git a/packages/aws-cdk/lib/api/util/checks.ts b/packages/aws-cdk/lib/api/util/checks.ts
index 11c1c856eb384..a094156ba74fb 100644
--- a/packages/aws-cdk/lib/api/util/checks.ts
+++ b/packages/aws-cdk/lib/api/util/checks.ts
@@ -18,13 +18,19 @@ export async function determineAllowCrossAccountAssetPublishing(sdk: ISDK, custo
       return true;
     }
 
-    // other scenarios are highly irregular and potentially dangerous so we prevent it by
-    // instructing cdk-assets to detect foreign bucket ownership and reject.
+    // If there is a staging bucket AND the bootstrap version is old, then we want to protect
+    // against accidental cross-account publishing.
     return false;
   } catch (e) {
+    // You would think we would need to fail closed here, but the reality is
+    // that we get here if we couldn't find the bootstrap stack: that is
+    // completely valid, and many large organizations may have their own method
+    // of creating bootstrap resources. If they do, there's nothing for us to validate,
+    // but we can't use that as a reason to disallow cross-account publishing. We'll just
+    // have to trust they did their due diligence. So we fail open.
     debug(`Error determining cross account asset publishing: ${e}`);
-    debug('Defaulting to disallowing cross account asset publishing');
-    return false;
+    debug('Defaulting to allowing cross account asset publishing');
+    return true;
   }
 }
 
diff --git a/packages/aws-cdk/test/api/util/checks.test.ts b/packages/aws-cdk/test/api/util/checks.test.ts
index 2db7e3d1603ea..660577a8f6aec 100644
--- a/packages/aws-cdk/test/api/util/checks.test.ts
+++ b/packages/aws-cdk/test/api/util/checks.test.ts
@@ -50,6 +50,15 @@ describe('determineAllowCrossAccountAssetPublishing', () => {
     expect(result).toBe(true);
   });
 
+  it('should return true if looking up the bootstrap stack fails', async () => {
+    AWSMock.mock('CloudFormation', 'describeStacks', (_params: any, callback: Function) => {
+      callback(new Error('Could not read bootstrap stack'));
+    });
+
+    const result = await determineAllowCrossAccountAssetPublishing(mockSDK);
+    expect(result).toBe(true);
+  });
+
   it('should return false for other scenarios', async () => {
     AWSMock.mock('CloudFormation', 'describeStacks', (_params: any, callback: Function) => {
       callback(null, {