What is Remote Code Execution (RCE)?

Definition

RCE

What is Remote Code Execution?

A critical vulnerability class that allows an attacker to execute arbitrary commands or code on a target system from a remote location, typically without requiring physical access or prior authentication. RCE is the highest-severity finding in most penetration tests because it grants the attacker full control over the compromised system. Common RCE vectors include deserialization vulnerabilities, command injection, template injection, and exploitation of unpatched server-side software.

Related terms

Exploit →

A piece of software, command sequence, or technique that leverages a known vulnerability to cause unintended or unauthorized behavior in a target system.

Payload →

The component of an attack that performs the attacker's intended malicious action after a vulnerability has been triggered.

Reverse Shell →

A type of remote shell session where the compromised target machine initiates an outbound network connection back to the attacker's system, circumventing inbound firewall rules that would block a traditional bind shell.

Zero-Day Vulnerability →

A software vulnerability that has been discovered but not yet publicly disclosed or patched by the vendor, leaving affected systems with no available fix at the time it is known or exploited.

Put this into practice

Multi-step attack chain simulation →

See how Penetrify's autonomous AI agents find and validate this class of security issue in your application.