diff --git a/Source/Networking/NetworkSystem.cs b/Source/Networking/NetworkSystem.cs index 3b7c1ea3..d1d309dd 100644 --- a/Source/Networking/NetworkSystem.cs +++ b/Source/Networking/NetworkSystem.cs @@ -19,7 +19,10 @@ namespace LCVR.Networking; public class NetworkSystem : MonoBehaviour { /// Protocol Version, increase this every time a change is made that is not compatible with older versions - private const ushort PROTOCOL_VERSION = 6; + private const ushort PROTOCOL_VERSION = 7; + + /// Packet size limit to prevent denial-of-service attacks + private const uint PACKET_MAX_SIZE = 4 * 1024; private static NetworkSystem _instance; @@ -298,7 +301,11 @@ private void HandleChannelMessage(ushort sender, BinaryReader reader) if (!channels.TryGetValue(type, out var channelList)) return; - var data = reader.ReadBytes((int)reader.ReadUInt32()); + var length = reader.ReadUInt32(); + if (length > PACKET_MAX_SIZE) + return; + + var data = reader.ReadBytes((int)length); if (instanceId.HasValue) channelList.Where(channel => channel.InstanceId == instanceId.Value) diff --git a/Source/Networking/Serialization.cs b/Source/Networking/Serialization.cs index e0fe9060..43fc9c48 100644 --- a/Source/Networking/Serialization.cs +++ b/Source/Networking/Serialization.cs @@ -19,6 +19,8 @@ namespace LCVR.Networking; /// public static class Serialization { + private const uint MAX_ARRAY_LENGTH = 4096; + private static readonly Dictionary typeCache = []; private static IEnumerable GetFields(Type type) @@ -68,6 +70,9 @@ public static byte[] Serialize(object @object) if (value.GetType().IsArray) { var array = (Array)value; + if (array.Length > MAX_ARRAY_LENGTH) + throw new ArgumentException($"Tried to serialize an array larger than {MAX_ARRAY_LENGTH} elements"); + bw.Write(array.Length); foreach (var arrayEl in array) 
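Review bot: In HandleChannelMessage the new bound covers only the declared length; `reader.ReadBytes((int)length)` can still return fewer bytes than requested when the stream ends early, so a truncated message is handed to the channels as if it were complete. After the read I would add `if (data.Length != length) return;`. The oversize branch also returns silently, and a rate-limited warning that includes `sender` would let a host notice a peer sending malformed traffic. The function starts and ends outside the hunk, so any validation done earlier in it or by its caller is not visible here.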
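Review bot: The guard added in Serialize counts elements, while the receiver in HandleChannelMessage drops any payload over `PACKET_MAX_SIZE` (4 * 1024 bytes), so the two limits do not agree. An array of 4096 four-byte values, for example, passes this check and serializes without error, and would then presumably be discarded on the other side with no error reported. Consider checking the final serialized length against the same byte limit before it is sent. Otherwise, document the constant as an allocation bound only, e.g. `/// Upper bound on array element count; the packet size limit in NetworkSystem still applies to the serialized bytes`. The send path is outside this diff, so it may already enforce this.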
@@ -113,6 +118,10 @@ private static object DeserializeInternal(BinaryReader br, Type type) if (field.FieldType.IsArray) { var size = br.ReadInt32(); + if (size > MAX_ARRAY_LENGTH) + throw new ArgumentException( + $"Tried to deserialize an array larger than {MAX_ARRAY_LENGTH} elements"); + var targetArray = Array.CreateInstance(field.FieldType.GetElementType()!, size); for (var i = 0; i < size; i++)
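Review bot: The new check in DeserializeInternal rejects only values above `MAX_ARRAY_LENGTH`, but `size` is a signed value from `br.ReadInt32()`, so a negative length from the wire passes it. That value then reaches `Array.CreateInstance`, which throws its own ArgumentOutOfRangeException rather than the message added here. Rejecting both ends keeps malformed input on one error path: `if (size < 0 || size > MAX_ARRAY_LENGTH)`. Whether the caller catches these exceptions for data from a remote peer is not visible in the hunk and is worth confirming, since an uncaught throw on attacker-supplied bytes is itself a way to disrupt the receiver.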