🗓️ 14 Jan 2026  
XXE (XML External Entity) injection is a cybersecurity vulnerability that occurs when an application processes XML input containing a reference to an external entity. Attackers exploit this flaw by injecting malicious XML data, which can trick the XML parser into accessing sensitive files, disclosing internal system information, or even executing remote code. This vulnerability is particularly dangerous in systems that parse XML from untrusted sources, as it can lead to data breaches, denial of service, or server-side request forgery. Properly configuring XML parsers to disable external entity processing is a key defense against XXE attacks.