CVE-2021-47756

HIGH 8.4

Laravel Valet 2.0.3 - Local Privilege Escalation (macOS)

CVSS Score

8.4

EPSS Score

0.0%

EPSS Percentile

0th

Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication.

CWE	CWE-732
Vendor	laravel
Product	laravel valet
Published	Jan 15, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for laravel laravel valet

Be the first to know when new high vulnerabilities affecting laravel laravel valet are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Laravel / Laravel Valet

1.1.4 to 2.0.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/50591 laravel.com: https://laravel.com/docs/8.x/valet vulncheck.com: https://www.vulncheck.com/advisories/laravel-valet-local-privilege-escalation-macos

Credits

leonjza