RCE doesn't really follow a login process design. As soon as you got RCE you can be considered pwned.
If not now, then at the time the next locally exploitable vulnerability comes up. There are plenty.