diff --git a/src/config.ts b/src/config.ts
index fba65159..68175a46 100644
--- a/src/config.ts
+++ b/src/config.ts
@@ -201,6 +201,13 @@ class Conf {
 
     return value;
   }
+  /**
+   * Whether to analyze media metadata with [blurhash](https://www.npmjs.com/package/blurhash) and [sharp](https://www.npmjs.com/package/sharp).
+   * This is prone to security vulnerabilities, which is why it's not enabled by default.
+   */
+  static get mediaAnalyze(): boolean {
+    return optionalBooleanSchema.parse(Deno.env.get('MEDIA_ANALYZE')) ?? false;
+  }
   /** Max upload size for files in number of bytes. Default 100MiB. */
   static get maxUploadSize(): number {
     return Number(Deno.env.get('MAX_UPLOAD_SIZE') || 100 * 1024 * 1024);
diff --git a/src/utils/upload.ts b/src/utils/upload.ts
index df0be70b..fc5d7086 100644
--- a/src/utils/upload.ts
+++ b/src/utils/upload.ts
@@ -57,7 +57,9 @@ export async function uploadFile(
     tags.push(['m', file.type]);
   }
 
-  if (!blurhash || !dim) {
+  // If the uploader didn't already, try to get a blurhash and media dimensions.
+  // This requires `MEDIA_ANALYZE=true` to be configured because it comes with security tradeoffs.
+  if (Conf.mediaAnalyze && (!blurhash || !dim)) {
     try {
       const bytes = await new Response(file.stream()).bytes();
       const img = sharp(bytes);