RCE allows attackers to run arbitrary code on a remote system without physical access — the most dangerous vulnerability category. Often results from injection, deserialization, or memory corruption.
RCE = near-universal CVSS 9.8-10.0. Log4Shell, EternalBlue, ProxyLogon — famous RCE CVEs. Patch RCE vulnerabilities immediately. Defense in depth limits impact even after RCE (network segmentation, least privilege app accounts).