diff --git a/UPGRADING.md b/UPGRADING.md
index 82ca1b2ed..d7c70b165 100644
--- a/UPGRADING.md
+++ b/UPGRADING.md
@@ -11,7 +11,7 @@
 
 - [BC] The `TDependentListKey` type was removed and replaced with an optional property of the `TIntRange` type.
 
-- [BC] Value of constant `Psalm\Type\TaintKindGroup::ALL_INPUT` changed to reflect a new `TaintKind::INPUT_XPATH` have been added. Accordingly, default values for `$taint` parameters of `Psalm\Codebase::addTaintSource()` and `Psalm\Codebase::addTaintSink()` have been changed as well.
+- [BC] Value of constant `Psalm\Type\TaintKindGroup::ALL_INPUT` changed to reflect new `TaintKind::INPUT_SLEEP` and `TaintKind::INPUT_XPATH` have been added. Accordingly, default values for `$taint` parameters of `Psalm\Codebase::addTaintSource()` and `Psalm\Codebase::addTaintSink()` have been changed as well.
 
 - [BC] Property `Config::$shepherd_host` was replaced with `Config::$shepherd_endpoint`
 
diff --git a/config.xsd b/config.xsd
index 3d5deb61e..de492fcb1 100644
--- a/config.xsd
+++ b/config.xsd
@@ -439,6 +439,7 @@
             <xs:element name="TaintedInput" type="IssueHandlerType" minOccurs="0" />
             <xs:element name="TaintedLdap" type="IssueHandlerType" minOccurs="0" />
             <xs:element name="TaintedShell" type="IssueHandlerType" minOccurs="0" />
+            <xs:element name="TaintedSleep" type="IssueHandlerType" minOccurs="0" />
             <xs:element name="TaintedSql" type="IssueHandlerType" minOccurs="0" />
             <xs:element name="TaintedSSRF" type="IssueHandlerType" minOccurs="0" />
             <xs:element name="TaintedSystemSecret" type="IssueHandlerType" minOccurs="0" />
diff --git a/docs/running_psalm/error_levels.md b/docs/running_psalm/error_levels.md
index ca2ba58e4..35c4821d6 100644
--- a/docs/running_psalm/error_levels.md
+++ b/docs/running_psalm/error_levels.md
@@ -293,6 +293,7 @@ Level 5 and above allows a more non-verifiable code, and higher levels are even
  - [TaintedInput](issues/TaintedInput.md)
  - [TaintedLdap](issues/TaintedLdap.md)
  - [TaintedShell](issues/TaintedShell.md)
+ - [TaintedSleep](issues/TaintedSleep.md)
  - [TaintedSql](issues/TaintedSql.md)
  - [TaintedSSRF](issues/TaintedSSRF.md)
  - [TaintedSystemSecret](issues/TaintedSystemSecret.md)
diff --git a/docs/running_psalm/issues.md b/docs/running_psalm/issues.md
index d05e070a4..c14cecd14 100644
--- a/docs/running_psalm/issues.md
+++ b/docs/running_psalm/issues.md
@@ -241,6 +241,7 @@
  - [TaintedInput](issues/TaintedInput.md)
  - [TaintedLdap](issues/TaintedLdap.md)
  - [TaintedShell](issues/TaintedShell.md)
+ - [TaintedSleep](issues/TaintedSleep.md)
  - [TaintedSql](issues/TaintedSql.md)
  - [TaintedSSRF](issues/TaintedSSRF.md)
  - [TaintedSystemSecret](issues/TaintedSystemSecret.md)
diff --git a/docs/running_psalm/issues/TaintedSleep.md b/docs/running_psalm/issues/TaintedSleep.md
new file mode 100644
index 000000000..181cf045c
--- /dev/null
+++ b/docs/running_psalm/issues/TaintedSleep.md
@@ -0,0 +1,9 @@
+# TaintedSleep
+
+Emitted when user-controlled input can be passed into a `sleep` call or similar.
+
+```php
+<?php
+
+sleep($_GET["seconds"]);
+```
diff --git a/src/Psalm/Internal/Codebase/TaintFlowGraph.php b/src/Psalm/Internal/Codebase/TaintFlowGraph.php
index ba4f20fcc..548e95cf5 100644
--- a/src/Psalm/Internal/Codebase/TaintFlowGraph.php
+++ b/src/Psalm/Internal/Codebase/TaintFlowGraph.php
@@ -19,6 +19,7 @@ use Psalm\Issue\TaintedInclude;
 use Psalm\Issue\TaintedLdap;
 use Psalm\Issue\TaintedSSRF;
 use Psalm\Issue\TaintedShell;
+use Psalm\Issue\TaintedSleep;
 use Psalm\Issue\TaintedSql;
 use Psalm\Issue\TaintedSystemSecret;
 use Psalm\Issue\TaintedTextWithQuotes;
@@ -459,6 +460,15 @@ class TaintFlowGraph extends DataFlowGraph
                                 );
                                 break;
 
+                            case TaintKind::INPUT_SLEEP:
+                                $issue = new TaintedSleep(
+                                    'Detected tainted sleep',
+                                    $issue_location,
+                                    $issue_trace,
+                                    $path,
+                                );
+                                break;
+
                             default:
                                 $issue = new TaintedCustom(
                                     'Detected tainted ' . $matching_taint,
diff --git a/src/Psalm/Issue/TaintedSleep.php b/src/Psalm/Issue/TaintedSleep.php
new file mode 100644
index 000000000..77c8b3f5e
--- /dev/null
+++ b/src/Psalm/Issue/TaintedSleep.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Psalm\Issue;
+
+final class TaintedSleep extends TaintedInput
+{
+    public const SHORTCODE = 324;
+}
diff --git a/src/Psalm/Type/TaintKind.php b/src/Psalm/Type/TaintKind.php
index e0f9f815e..c8f5af5a3 100644
--- a/src/Psalm/Type/TaintKind.php
+++ b/src/Psalm/Type/TaintKind.php
@@ -21,6 +21,7 @@ final class TaintKind
     public const INPUT_COOKIE = 'cookie';
     public const INPUT_HEADER = 'header';
     public const INPUT_XPATH = 'xpath';
+    public const INPUT_SLEEP = 'sleep';
     public const USER_SECRET = 'user_secret';
     public const SYSTEM_SECRET = 'system_secret';
 }
diff --git a/src/Psalm/Type/TaintKindGroup.php b/src/Psalm/Type/TaintKindGroup.php
index 2aa1256fd..b37e3414e 100644
--- a/src/Psalm/Type/TaintKindGroup.php
+++ b/src/Psalm/Type/TaintKindGroup.php
@@ -22,5 +22,6 @@ final class TaintKindGroup
         TaintKind::INPUT_HEADER,
         TaintKind::INPUT_COOKIE,
         TaintKind::INPUT_XPATH,
+        TaintKind::INPUT_SLEEP,
     ];
 }
diff --git a/stubs/CoreGenericFunctions.phpstub b/stubs/CoreGenericFunctions.phpstub
index 89b18d0a4..026e90c65 100644
--- a/stubs/CoreGenericFunctions.phpstub
+++ b/stubs/CoreGenericFunctions.phpstub
@@ -1797,3 +1797,25 @@ if (defined('GLOB_BRACE')) {
  * @psalm-taint-sink shell $command
  */
 function exec(string $command, &$output = null, int &$result_code = null): string|false {}
+
+/**
+ * @psalm-taint-specialize
+ * @psalm-taint-sink sleep $seconds
+ */
+function sleep(int $seconds): int {}
+
+/**
+ * @psalm-taint-sink sleep $microseconds
+ */
+function usleep(int $microseconds): void {}
+
+/**
+ * @psalm-taint-sink sleep $seconds
+ * @psalm-taint-sink sleep $nanoseconds
+ */
+function time_nanosleep(int $seconds, int $nanoseconds): array|bool {}
+
+/**
+ * @psalm-taint-sink sleep $timestamp
+ */
+function time_sleep_until(float $timestamp): bool {}
diff --git a/tests/TaintTest.php b/tests/TaintTest.php
index 7efd9dae9..4a847bd4b 100644
--- a/tests/TaintTest.php
+++ b/tests/TaintTest.php
@@ -755,7 +755,7 @@ class TaintTest extends TestCase
                     /**
                      * @psalm-taint-escape xpath
                      */
-                    function my_escaping_function_for_xpath(string input) : string {};
+                    function my_escaping_function_for_xpath(string $input) : string {};
 
                     function queryExpression(SimpleXMLElement $xml) : array|false|null {
                         $expression = $_GET["expression"];
@@ -763,6 +763,16 @@ class TaintTest extends TestCase
                         return $xml->xpath($expression);
                     }',
             ],
+            'escapeSeconds' => [
+                'code' => '<?php
+                    /**
+                     * @psalm-taint-escape sleep
+                     */
+                    function my_escaping_function_for_seconds(mixed $input) : int {};
+
+                    $seconds = my_escaping_function_for_seconds($_GET["seconds"]);
+                    sleep($seconds);',
+            ],
         ];
     }
 
@@ -2540,6 +2550,31 @@ class TaintTest extends TestCase
                     }',
                 'error_message' => 'TaintedXpath',
             ],
+            'taintedSleep' => [
+                'code' => '<?php
+                    sleep($_GET["seconds"]);',
+                'error_message' => 'TaintedSleep',
+            ],
+            'taintedUsleep' => [
+                'code' => '<?php
+                    usleep($_GET["microseconds"]);',
+                'error_message' => 'TaintedSleep',
+            ],
+            'taintedTimeNanosleepSeconds' => [
+                'code' => '<?php
+                    time_nanosleep($_GET["seconds"], 42);',
+                'error_message' => 'TaintedSleep',
+            ],
+            'taintedTimeNanosleepNanoseconds' => [
+                'code' => '<?php
+                    time_nanosleep(42, $_GET["nanoseconds"]);',
+                'error_message' => 'TaintedSleep',
+            ],
+            'taintedTimeSleepUntil' => [
+                'code' => '<?php
+                    time_sleep_until($_GET["timestamp"]);',
+                'error_message' => 'TaintedSleep',
+            ],
         ];
     }