diff --git a/src/inspector_io.cc b/src/inspector_io.cc
index ebf3ae4764..361d193492 100644
--- a/src/inspector_io.cc
+++ b/src/inspector_io.cc
@@ -353,6 +353,9 @@ std::optional<std::string> InspectorIoDelegate::GetTargetSessionId(
   std::string_view view(message.data(), message.size());
   std::unique_ptr<protocol::DictionaryValue> value =
       protocol::DictionaryValue::cast(JsonUtil::parseJSON(view));
+  if (!value) {
+    return std::nullopt;
+  }
   protocol::String target_session_id;
   protocol::Value* target_session_id_value = value->get("sessionId");
   if (target_session_id_value) {
diff --git a/test/parallel/test-inspector-invalid-protocol.js b/test/parallel/test-inspector-invalid-protocol.js
new file mode 100644
index 0000000000..28c02028ae
--- /dev/null
+++ b/test/parallel/test-inspector-invalid-protocol.js
@@ -0,0 +1,40 @@
+'use strict';
+const common = require('../common');
+common.skipIfInspectorDisabled();
+const { spawn } = require('node:child_process');
+const assert = require('node:assert');
+
+(async () => {
+  const child = spawn(
+    process.execPath,
+    ['--inspect-wait=0', '-e', "console.log('test');"],
+    {}
+  );
+
+  const url = await new Promise((resolve) => {
+    child.stderr.on('data', (data) => {
+      const msg = data.toString();
+      const match = msg.match(/ws:\/\/127\.0\.0\.1:(\d+)\/([a-f0-9-]+)/);
+      if (match) {
+        child.stderr.removeAllListeners('data');
+        return resolve(match[0]);
+      }
+    });
+  });
+
+  child.once('exit', (_, signal) => {
+    assert.strictEqual(signal, 'SIGTERM');
+  });
+
+  const socket = new WebSocket(url);
+
+  socket.addEventListener('open', common.mustCall(() => {
+    socket.send('This is not a valid protocol message');
+  }));
+
+  socket.addEventListener('message', common.mustCall((event) => {
+    assert.ok(Object.keys(JSON.parse(event.data)).includes('error'));
+    socket.close();
+    child.kill();
+  }));
+})().then(common.mustCall());