CVE-2021-47756

HIGH

Laravel Valet <2.0.3 - Privilege Escalation


Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47756. PoCs published by leonjza.

AI-analyzed exploit summary: This exploit leverages a misconfigured sudoers rule in Laravel Valet (v1.1.4 to v2.0.3) on macOS, allowing a local user to modify the writable `valet` command symlink and execute arbitrary commands as root without a password. The PoC injects a `/bin/bash` payload into the valet command and triggers it via `sudo`.

Description

Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication.

Exploits (1)

exploitdb WORKING POC
by leonjza · python · local · macos
https://www.exploit-db.com/exploits/50591

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Laravel Valet v1.1.4 to v2.0.3
Auth required
Prerequisites: Local user access on macOS · Laravel Valet installed with vulnerable sudoers rules · User must be in the admin group
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/50591
Various Sources product
https://laravel.com/docs/8.x/valet

Scores

CVSS v3 8.4
EPSS 0.0018
EPSS Percentile 8.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-732
Status published
Products (1)
Laravel/Laravel Valet 1.1.4 to 2.0.3
Published Jan 16, 2026
Tracked Since Feb 18, 2026