Credential injection is a cybersecurity attack where an adversary adds new authentication credentials, such as passwords, tokens, or certificates, to a user account or system. This allows the attacker to gain unauthorized access or escalate privileges without detection. Unlike credential stuffing, which uses stolen credentials, credential injection involves actively inserting new credentials, often exploiting vulnerabilities in authentication mechanisms or misconfigured systems. Once injected, these credentials can be used to bypass security controls, maintain persistence, or move laterally within a network. Preventing credential injection requires strong authentication processes, regular auditing of user accounts, and timely patching of software vulnerabilities.