diff --git a/lib/web/websocket/receiver.js b/lib/web/websocket/receiver.js
index 2244b1756e3..85b6edf649c 100644
--- a/lib/web/websocket/receiver.js
+++ b/lib/web/websocket/receiver.js
@@ -12,7 +12,8 @@ const {
   websocketMessageReceived,
   utf8Decode,
   isControlFrame,
-  isTextBinaryFrame
+  isTextBinaryFrame,
+  isContinuationFrame
 } = require('./util')
 const { WebsocketFrameSend } = require('./frame')
 const { closeWebSocketConnection } = require('./connection')
@@ -121,6 +122,11 @@ class ByteParser extends Writable {
           return
         }
 
+        if (isContinuationFrame(opcode) && this.#fragments.length === 0) {
+          failWebsocketConnection(this.ws, 'Unexpected continuation frame')
+          return
+        }
+
         if (payloadLength <= 125) {
           this.#info.payloadLength = payloadLength
           this.#state = parserStates.READ_DATA