diff --git a/pandas/io/formats/xml.py b/pandas/io/formats/xml.py
index f56fca8d7ef44..a9859ba598ee6 100644
--- a/pandas/io/formats/xml.py
+++ b/pandas/io/formats/xml.py
@@ -545,7 +545,7 @@ def _transform_doc(self) -> bytes:
         )
 
         with preprocess_data(handle_data) as xml_data:
-            curr_parser = XMLParser(encoding=self.encoding)
+            curr_parser = XMLParser(encoding=self.encoding, resolve_entities=False)
 
             if isinstance(xml_data, io.StringIO):
                 xsl_doc = fromstring(
diff --git a/pandas/io/xml.py b/pandas/io/xml.py
index bd3b515dbca2f..ca8306aa24e5b 100644
--- a/pandas/io/xml.py
+++ b/pandas/io/xml.py
@@ -636,7 +636,7 @@ def _parse_doc(
         )
 
         with preprocess_data(handle_data) as xml_data:
-            curr_parser = XMLParser(encoding=self.encoding)
+            curr_parser = XMLParser(encoding=self.encoding, resolve_entities=False)
 
             if isinstance(xml_data, io.StringIO):
                 if self.encoding is None: