CVE-2021-47756 HIGH

CVE-2021-47756: Laravel Valet 2.0.3 - Local Privilege Escalation (macOS)

Vendor Laravel

Product Laravel Valet

Weakness CWE-732

Published January 15, 2026

Last update April 7, 2026

View on NVD All CVEs

CVSS base score

8.4/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

Description

Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication.

Key dates

Disclosure timeline

January 15, 2026 CVE published

April 7, 2026 Record updated