Cyber Doc logo Cyber Doc
Cybersecurity Term

What is remote code execution?

A serious weakness where an attacker may cause a system to run unauthorised commands or code.

Web & Application Security Last reviewed: 2026-05-20

← Back to Learn Centre

What is remote code execution?

Remote code execution, or RCE, means an attacker can cause a system or application to run commands or code without permission.

Simple example

A vulnerable web application allows an attacker to run commands on the server hosting it.

Why it matters

RCE can give attackers deep control over systems and often requires urgent action.

Common warning signs

  • The activity is unexpected or unusual for the business context.
  • The request or system behaviour creates pressure to act quickly.
  • Normal approval, verification, or security processes are bypassed.
  • There are signs of unauthorised access, data exposure, or system change.
  • Staff are unsure whether the request, message, or system behaviour is legitimate.

Cyber Doc view

This term should be understood in business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.

What to do

Proactive steps

  • Patch critical vulnerabilities quickly.
  • Avoid exposing admin interfaces unnecessarily.
  • Use secure coding and dependency management.
  • Limit application permissions.
  • Monitor for unusual process or command activity.

Reactive steps

  • Isolate the affected system if compromise is suspected.
  • Preserve logs and affected files.
  • Patch or mitigate the vulnerability urgently.
  • Check for persistence, new accounts, or changed files.
  • Rotate secrets that may have been exposed.

Related terms

  • Vulnerability
  • Security monitoring
  • Penetration testing