diff --git a/src/ClientServer/Controllers/Core/Exercises/DoExerciseController.cs b/src/ClientServer/Controllers/Core/Exercises/DoExerciseController.cs
index 3766b4e2e2cdcbcd68744cfde063a1d7114e2ccb..1be6d6d8f208e804e64176665b626697898ac3de 100644
--- a/src/ClientServer/Controllers/Core/Exercises/DoExerciseController.cs
+++ b/src/ClientServer/Controllers/Core/Exercises/DoExerciseController.cs
@@ -28,6 +28,7 @@ namespace ClientServer.Controllers.Core.Exercises
 [Route(Constants.ApiPrefix + "exercise/do")]
 public class DoExerciseController : ControllerWithDb
 {
+ public static int SolutionFilesUploadMaxFilesInZip = 100;
 /*
 * after accessing the exercise (get) the user has a participation (ExerciseReleaseWithUserAsParticipation), this is ensured by the (get) method
 */
@@ -2395,6 +2396,12 @@ namespace ClientServer.Controllers.Core.Exercises
 {
 for (int i = 0; i < zipArchive.Entries.Count; i++)
 {
+ if (i > SolutionFilesUploadMaxFilesInZip-1)
+ {
+ await Response.WriteAsync(Jc.Serialize(new BasicResponse(ResponseCode.InvalidRequest, "too many files")));
+ return;
+ }
+
 var entry = zipArchive.Entries[i];
 if (string.IsNullOrEmpty(entry.Name))
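Review bot: `SolutionFilesUploadMaxFilesInZip` is added as a public, mutable static field, so any code in the process can raise or zero the upload limit at run time. If it is not meant to be assigned from configuration at startup, declare it `public const int SolutionFilesUploadMaxFilesInZip = 100;` (or `public static readonly int`). If it is meant to be assigned, a `///` summary should say where it is set and that it counts zip entries, not bytes. The class body continues outside the hunk.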
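Review bot: The limit is tested inside the loop, so an archive with too many entries is rejected only after the first `SolutionFilesUploadMaxFilesInZip` entries have passed through the loop body; if that body (outside this hunk) stores files or rows, a rejected upload may leave partial state behind. Testing once before the `for`, `if (zipArchive.Entries.Count > SolutionFilesUploadMaxFilesInZip)`, with the same `WriteAsync`/`return`, rejects the archive up front and replaces the harder-to-read `i > SolutionFilesUploadMaxFilesInZip-1`. As written the count also includes directory entries, because the test runs before the `string.IsNullOrEmpty(entry.Name)` check. An entry count does not bound the decompressed size, so if this method has no per-entry or total cap on `entry.Length` elsewhere, one belongs next to this check.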