diff --git a/http/sys_raft.go b/http/sys_raft.go
index b2055d674c..2346b3182c 100644
--- a/http/sys_raft.go
+++ b/http/sys_raft.go
@@ -23,6 +23,7 @@ func handleSysRaftBootstrap(core *vault.Core) http.Handler {
 		case "POST", "PUT":
 			if core.Sealed() {
 				respondError(w, http.StatusBadRequest, errors.New("node must be unsealed to bootstrap"))
+				return
 			}
 
 			if err := core.RaftBootstrap(context.Background(), false); err != nil {
diff --git a/vault/external_tests/raft/raft_test.go b/vault/external_tests/raft/raft_test.go
index 170cc02f8e..108f490af1 100644
--- a/vault/external_tests/raft/raft_test.go
+++ b/vault/external_tests/raft/raft_test.go
@@ -27,6 +27,7 @@ import (
 	"github.com/hashicorp/vault/helper/namespace"
 	"github.com/hashicorp/vault/helper/testhelpers"
 	"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
+	"github.com/hashicorp/vault/helper/testhelpers/minimal"
 	"github.com/hashicorp/vault/helper/testhelpers/teststorage"
 	vaulthttp "github.com/hashicorp/vault/http"
 	"github.com/hashicorp/vault/internalshared/configutil"
@@ -1626,3 +1627,14 @@ func TestRaft_SnapshotLargerMaxRequestSize(t *testing.T) {
 	require.NoError(t, err)
 	testhelpers.WaitForActiveNode(t, cluster)
 }
+
+// TestRaft_BootstrapWhenSealed ensures raft does not attempt to bootstrap when sealed.
+func TestRaft_BootstrapWhenSealed(t *testing.T) {
+	t.Parallel()
+	cluster := minimal.NewTestSoloCluster(t, nil)
+	client := cluster.Cores[0].Client
+	cluster.EnsureCoresSealed(t)
+
+	_, err := client.Logical().Write("sys/storage/raft/bootstrap", nil)
+	require.ErrorContains(t, err, "node must be unsealed to bootstrap")
+}