A web security vulnerability that exploits XML parsers by injecting malicious external entity references, potentially allowing attackers to access files, perform server-side request forgery, or cause denial of service.