BBLabs NewsBBLabs News
NewsAll articlesTopics
ES
  1. Home
  2. ›
  3. Glossary
  4. ›
  5. RCE
CVE

RCERemote Code Execution

Definition

Vulnerability that lets a remote attacker run arbitrary code on the vulnerable system. The highest-severity category — and the most-hunted in bug bounty.

RCE means the attacker sends payloads over the network and gets the target server to execute their code (shell, file read/write, pivot to other hosts). It doesn't necessarily require physical access or valid credentials.

Typical vectors: insecure deserialization (Java, .NET, Python pickle), command injection (unsanitized subprocess), SSTI (template injection), file upload with PHP/ASP execution, vulnerabilities in parsers (XML, image, PDF). In CVSS, unauthenticated RCE without user interaction usually scores ≥ 9.0.

Not to be confused with LPE (Local Privilege Escalation), where you already have access but want to elevate to root.

Related terms

  • LPE
  • SSRF
  • CVSS
  • CVE

Latest articles on CVE

  • →Microsoft removes GitHub account over public zero-day drops
  • →Emergency SharePoint patch: update now
  • →CVE-2026-31635 DirtyDecrypt: public PoC for Linux kernel LPE

Interested in CVE?

Get one technical story a day on cve — curated, summarised, actionable.

Subscribe
BBLabs NewsBBLabs News

BBLabs News

Una historia al día. Cero ruido.

Newsletter técnica de ciberseguridad. Una historia al día sobre CVEs críticos, brechas, bug bounty e IA. Filtrado por IA, escrito para humanos.

Producto

  • Hemeroteca
  • Ediciones
  • Temas
  • Glosario
  • RSS
  • Atom
  • JSON Feed

Editorial

  • Acerca de
  • Suscribirse
  • Cuenta
  • English

Legal

  • Privacidad
  • Términos
  • Contacto: team@bblabs.es

Conectar

  • YouTube · @0xGorka
  • Instagram · @bblabs.es
  • Discord BBLabs
  • Discord Bug Bounty ES
31 artículos·10 ediciones·Desde 2026·Hecho en España
© 2026 BBLabs News·Por Gorka El Bochi