Cross-Site Request Forgery (CSRF) is a security vulnerability that allows an attacker to perform unauthorized actions on a web application by exploiting the trust the application places in an authenticated user's browser. It typically occurs when a malicious website causes a user's browser to perform an unwanted action on a different site where the user is authenticated, without the user's knowledge or consent.
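The following is an added example, not code from the original page. It shows a server-side check that tells a forged cross-site request from a legitimate one, even though both carry the same valid session cookie. The origin `https://app.example`, the `sid` cookie, the `x-csrf-token` header, and all session and token values are assumptions constructed for illustration.

```javascript
// Added example: names, origins and token values below are constructed.
const TRUSTED_ORIGIN = "https://app.example";            // assumed site origin
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Constructed session store: session id -> user and per-session CSRF token.
const sessions = new Map([
  ["sid-123", { user: "alice", csrfToken: "t0k3n-constructed-value" }],
]);

// Compare without returning early on the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Decide whether a request may change state. Returns { allowed, reason }.
function checkRequest(req) {
  const session = sessions.get(req.cookies.sid);
  if (!session) return { allowed: false, reason: "no-session" };
  if (SAFE_METHODS.has(req.method)) return { allowed: true, reason: "safe-method" };

  // The cookie shows which browser sent the request, not which site triggered it.
  const origin = req.headers["origin"];
  if (origin !== undefined && origin !== TRUSTED_ORIGIN) {
    return { allowed: false, reason: "cross-origin" };
  }
  // Assumption: the token is delivered only in the site's own pages, so a page
  // on another origin cannot read it and cannot attach it to its request.
  if (!constantTimeEqual(req.headers["x-csrf-token"], session.csrfToken)) {
    return { allowed: false, reason: "bad-token" };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed requests: all three carry the same valid session cookie.
const legitimate = {
  method: "POST", cookies: { sid: "sid-123" },
  headers: { origin: "https://app.example", "x-csrf-token": "t0k3n-constructed-value" },
};
const forged = {
  method: "POST", cookies: { sid: "sid-123" },
  headers: { origin: "https://other.example" },
};
const forgedNoOrigin = { method: "POST", cookies: { sid: "sid-123" }, headers: {} };

console.log(checkRequest(legitimate), checkRequest(forged), checkRequest(forgedNoOrigin));
```

The token check still rejects a request that arrives without an `Origin` header, which is why the two checks are layered rather than used alone.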