An XML bomb is a specific type of distributed denial-of-service (DDoS) attack where a tiny segment of code is sent to overwhelm the software that parses XML files, causing the server to crash.

It functions like a zip bomb: when an XML parser attempts to process the message, the number of nested data entities within it increases exponentially, eventually crashing the server.

How to Prevent an XML Attack

Examples of XML Bomb Attacks

Here are some reported instances of XML bomb attacks: