diff --git a/main.py b/main.py
index da3dd58..1e6bfb4 100644
--- a/main.py
+++ b/main.py
@@ -250,7 +250,21 @@ async def upload_text(request: Request, authorized: bool = Depends(validate_uplo
 client_ip = get_real_ip(request)
 user_agent = request.headers.get("User-Agent", "unknown")
- body = await request.body()
+
+ # Stream-read with a hard byte cap so an oversized request can't buffer into memory
+ total = 0
+ chunks = []
+ async for chunk in request.stream():
+ total += len(chunk)
+ if total > MAX_FILE_SIZE:
+ log("WARNING", "upload_failed",
+ client_ip=client_ip,
+ user_agent=user_agent,
+ reason="payload_too_large",
+ size_bytes=total)
+ raise HTTPException(status_code=413, detail="Payload too large")
+ chunks.append(chunk)
+ body = b"".join(chunks)
 content = body.decode('utf-8', errors='ignore')
 if not validate_content(content):
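Review bot: The size check inside the `async for` loop only fires after the oversized bytes have been received, so a request that declares a too-large `Content-Length` is still read up to the limit before the 413. A pre-check ahead of the loop would reject it without touching the body, e.g. `declared = request.headers.get("content-length")` followed by `if declared and declared.isdigit() and int(declared) > MAX_FILE_SIZE: raise HTTPException(status_code=413, detail="Payload too large")`. The streaming cap has to stay as the backstop, because a chunked request carries no `Content-Length`. An accepted upload still holds `chunks`, the joined `body` and the decoded `content` at once, so peak memory per request is a multiple of `MAX_FILE_SIZE`; appending to a `bytearray` would drop one copy. `upload_text` starts and ends outside the hunk, so whether the `Depends(...)` dependency or later code also reads the request body cannot be checked from here.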