CVE-2021-47756

HIGH

Laravel Valet <2.0.3 - Privilege Escalation

Description

Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability: a local user can modify the valet command, which runs with root privileges. An attacker who edits the symlinked valet command can execute arbitrary code with root permissions without additional authentication.

Exploits (1)

exploitdb WORKING POC
by leonjza · python · local · macos
https://www.exploit-db.com/exploits/50591

Scores

CVSS v3 8.4
EPSS 0.0001
EPSS Percentile 1.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (1)
Laravel/Laravel Valet 1.1.4 to 2.0.3
Published Jan 16, 2026
Tracked Since Feb 18, 2026