diff --git a/src/termio/Exec.zig b/src/termio/Exec.zig
index 6e24217f8..ed016355c 100644
--- a/src/termio/Exec.zig
+++ b/src/termio/Exec.zig
@@ -1107,6 +1107,14 @@ const StreamHandler = struct {
         }
 
         try self.apc_data.append(self.alloc, byte);
+
+        // Prevent DoS attack.
+        const limit = 100 * 1024 * 1024; // 100MB
+        if (self.apc_data.items.len > limit) {
+            log.warn("APC command too large, ignoring", .{});
+            self.apc_state = .ignore;
+            self.apc_data.clearAndFree(self.alloc);
+        }
     }
 
     pub fn apcEnd(self: *StreamHandler) !void {