diff --git a/news/3848.bugfix b/news/3848.bugfix
new file mode 100644
index 000000000..a313b5a40
--- /dev/null
+++ b/news/3848.bugfix
@@ -0,0 +1,5 @@
+Allow uploads up to 16 MB.
+This fixes a regression due to a low Zope form memory limit of 1MB used since Plone 6.0.7.
+You can use ``dos_protection`` settings in ``etc/zope.conf`` to change the limit.
+See `CMFPlone issue 3848 <https://github.com/plone/Products.CMFPlone/issues/3848>`_ and `Zope PR 1142 <https://github.com/zopefoundation/Zope/pull/1142>`_.
+@maurits
diff --git a/src/plone/restapi/__init__.py b/src/plone/restapi/__init__.py
index ba8cb1604..5d449ae90 100644
--- a/src/plone/restapi/__init__.py
+++ b/src/plone/restapi/__init__.py
@@ -1,3 +1,4 @@
+from . import patches  # noqa: ignore=F401
 from AccessControl import allow_module
 from AccessControl.Permissions import add_user_folders
 from plone.restapi.pas import plugin
diff --git a/src/plone/restapi/deserializer/__init__.py b/src/plone/restapi/deserializer/__init__.py
index cb790cb70..a5112dae9 100644
--- a/src/plone/restapi/deserializer/__init__.py
+++ b/src/plone/restapi/deserializer/__init__.py
@@ -4,6 +4,9 @@
 
 
 def json_body(request):
+    # TODO We should not read the complete request BODY in memory.
+    # Once we have fixed this, we can remove the temporary patches.py.
+    # See there for background information.
     try:
         data = json.loads(request.get("BODY") or "{}")
     except ValueError:
diff --git a/src/plone/restapi/patches.py b/src/plone/restapi/patches.py
new file mode 100644
index 000000000..b11c3a892
--- /dev/null
+++ b/src/plone/restapi/patches.py
@@ -0,0 +1,20 @@
+# TEMPORARY patch for low form memory limit introduced in Zope 5.8.4.
+# See https://github.com/plone/Products.CMFPlone/issues/3848
+# and https://github.com/zopefoundation/Zope/pull/1180
+# Should be removed once `plone.restapi.deserializer.json_body` no longer
+# reads the complete request BODY in memory.
+from ZPublisher import HTTPRequest
+
+import logging
+
+
+logger = logging.getLogger(__name__)
+_attr = "FORM_MEMORY_LIMIT"
+_limit = getattr(HTTPRequest, _attr, None)
+if _limit and _limit == 2**20:
+    setattr(HTTPRequest, _attr, 2**24)
+    logger.info(
+        "PATCH: ZPublisher.HTTPRequest.%s is at a too low default of 1MB. "
+        "Increased it to 16MB to enable larger file uploads.",
+        _attr,
+    )