diff --git a/src/core/tcp_in.c b/src/core/tcp_in.c
index 37c6bb61a..8a59f2a66 100644
--- a/src/core/tcp_in.c
+++ b/src/core/tcp_in.c
@@ -664,7 +664,13 @@ tcp_listen_input(struct tcp_pcb_listen *pcb)
 err_t err;
 LWIP_DEBUGF(TCP_DEBUG, ("tcp_listen_input: could not allocate PCB\n"));
 TCP_STATS_INC(tcp.memerr);
+ #if !DISABLE_TCPIP_EVENT_ACCEPT_AT_MEM_ERR
+ /* Notify application of connection refusal due to memory exhaustion.
+ * NOTE: Can cause instability during resource exhaustion as the application
+ * may attempt connection management while the stack is at resource limits.
+ * Consider enabling DISABLE_TCPIP_EVENT_ACCEPT_AT_MEM_ERR if unstable. */
 TCP_EVENT_ACCEPT(pcb, NULL, pcb->callback_arg, ERR_MEM, err);
+ #endif
 LWIP_UNUSED_ARG(err); /* err not useful here */
 return;
 }
diff --git a/src/include/lwip/opt.h b/src/include/lwip/opt.h
index 2573285f4..3a33f37cd 100644
--- a/src/include/lwip/opt.h
+++ b/src/include/lwip/opt.h
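Review bot: In tcp_listen_input (src/core/tcp_in.c), once DISABLE_TCPIP_EVENT_ACCEPT_AT_MEM_ERR is set, the only remaining record of the dropped SYN is `TCP_STATS_INC(tcp.memerr)` and the `LWIP_DEBUGF` line, and as far as I know both compile to nothing unless stats and debug output are enabled in the build. An application that relied on the ERR_MEM callback to notice PCB exhaustion, for instance under a flood of connection attempts, would lose that signal with no hint in the code. I would extend the new comment with something like `/* When suppressed, tcp.memerr is the only trace of the drop; keep TCP stats enabled to monitor exhaustion. */`. The enclosing function starts and ends outside this hunk.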
@@ -1471,6 +1471,26 @@
 #define TCP_DEFAULT_LISTEN_BACKLOG 0xff
 #endif
 
+/**
+ * DISABLE_TCPIP_EVENT_ACCEPT_AT_MEM_ERR: Disable TCP_EVENT_ACCEPT notification
+ * when PCB allocation fails due to memory exhaustion (MEMP_NUM_TCP_PCB limit reached).
+ *
+ * Security/Stability: When enabled (set to 1), prevents the accept event callback from
+ * being invoked when tcp_alloc() fails to allocate a new PCB for an incoming connection.
+ * This avoids triggering application-layer logic during critical resource exhaustion,
+ * which can cause instability as the stack attempts to release and restore connections
+ * while already operating at resource limits.
+ *
+ * The remote peer will simply retransmit the SYN when resources become available.
+ * Enable this if your application does not handle ERR_MEM in accept callbacks or if
+ * you experience instability during high connection load.
+ *
+ * Default is 0 (accept event is called with ERR_MEM for backward compatibility).
+ */
+#if !defined DISABLE_TCPIP_EVENT_ACCEPT_AT_MEM_ERR || defined __DOXYGEN__
+#define DISABLE_TCPIP_EVENT_ACCEPT_AT_MEM_ERR 0
+#endif
+
 /**
 * TCP_OVERSIZE: The maximum number of bytes that tcp_write may
 * allocate ahead of time in an attempt to create shorter pbuf chains
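Review bot: The option text in opt.h files the setting under "Security/Stability" and says the peer "will simply retransmit the SYN", which reads as if enabling it changes how the stack treats the connection attempt. Judging by the tcp_in.c hunk, the code returns right after the allocation failure in both settings, so the SYN is dropped either way and the option only decides whether the accept callback sees ERR_MEM; it does nothing to reduce the exhaustion itself. I would state that directly, e.g. `* The incoming SYN is dropped in both settings; this option only controls whether the accept callback is invoked with ERR_MEM.` The name also says TCPIP_EVENT while the gated macro is TCP_EVENT_ACCEPT, and `#if !DISABLE_...` is a double negative, so a positively named option matching the macro would be easier to read.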