diff --git a/src/content/docs/en/reference/configuration-reference.mdx b/src/content/docs/en/reference/configuration-reference.mdx
index ef3a39fd99079..c64f8b3eaad04 100644
--- a/src/content/docs/en/reference/configuration-reference.mdx
+++ b/src/content/docs/en/reference/configuration-reference.mdx
@@ -447,6 +447,29 @@ The patterns support wildcards for flexible hostname matching:
 
 When not configured, `X-Forwarded-Host` headers are not trusted and will be ignored.
 
+#### security.actionBodySizeLimit
+
+<p>
+
+**Type:** `number`<br />
+**Default:** `1048576` (1 MB)<br />
+<Since v="5.18.0" />
+</p>
+
+Sets the maximum size in bytes allowed for action request bodies.
+
+By default, action request bodies are limited to 1 MB (1048576 bytes) to prevent abuse.
+You can increase this limit if your actions need to accept larger payloads, for example when handling file uploads.
+
+```js
+// astro.config.mjs
+export default defineConfig({
+  security: {
+    actionBodySizeLimit: 10 * 1024 * 1024 // 10 MB
+  }
+})
+```
+
 ### vite
 
 <p>