diff --git a/src/server/websocket.ts b/src/server/websocket.ts
index f06ad7a..5c35971 100644
--- a/src/server/websocket.ts
+++ b/src/server/websocket.ts
@@ -22,6 +22,7 @@ export function createWsServer(server: Server) {
 const wss = new WebSocketServer({ noServer: true });
 const inputHandler = new InputHandler();
 const LAN_IP = getLocalIp();
+ const MAX_PAYLOAD_SIZE = 10 * 1024; // 10KB limit
 console.log(`WebSocket Server initialized (Upgrade mode)`);
 console.log(`WS LAN IP: ${LAN_IP}`);
@@ -44,6 +45,13 @@ export function createWsServer(server: Server) {
 ws.on('message', async (data: string) => {
 try {
 const raw = data.toString();
+
+ // Prevent JSON DoS
+ if (raw.length > MAX_PAYLOAD_SIZE) {
+ console.warn('Payload too large, rejecting message.');
+ return;
+ }
+
 const msg = JSON.parse(raw);
 if (msg.type === 'get-ip') {
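Review bot: The size check in the `message` handler (second hunk) runs only after the whole message has been received, reassembled and copied by `data.toString()`, so it bounds the `JSON.parse` work but not the memory an oversized message costs the server. If `WebSocketServer` is the `ws` package, which the `noServer: true` option suggests, declare the constant before the constructor in the first hunk and pass it in, `new WebSocketServer({ noServer: true, maxPayload: MAX_PAYLOAD_SIZE })`, so the library rejects oversized messages during frame parsing and closes the connection with status 1009. The in-handler branch also leaves the connection open, so a client can keep sending oversized messages; closing the socket there, or relying on `maxPayload`, avoids that. `raw.length` counts UTF-16 code units rather than bytes, so the `// 10KB limit` comment is approximate and `Buffer.byteLength(raw)` would match the stated unit. Both `createWsServer` and the handler body continue outside the hunks.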