Set the XmlResolver property to null to prevent external XML entity injection.

//
// Set "XmlResolver" to null to prevent external XML entity injection:
var xmlDocument = new XmlDocument() { XmlResolver = null };

xmlDocument.LoadXml("<some malicious xml string...>");