Set the XmlResolver property to null to prevent external XML entity injection.
//
// Set "XmlResolver" to null to prevent external XML entity injection:
var xmlDocument = new XmlDocument() { XmlResolver = null };
xmlDocument.LoadXml("<some malicious xml string...>");