
Description

Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication.

PUBLISHED Reserved 2026-01-10 | Published 2026-01-15 | Updated 2026-01-16 | Assigner VulnCheck




HIGH: 8.4 (CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
HIGH: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Problem types

Incorrect Permission Assignment for Critical Resource

Product status

1.1.4 to 2.0.3: affected

Credits

leonjza (finder)

References

www.exploit-db.com/exploits/50591 (ExploitDB-50591) exploit

laravel.com/docs/8.x/valet (Laravel Valet Official Documentation) product

www.vulncheck.com/...-valet-local-privilege-escalation-macos (VulnCheck Advisory: Laravel Valet 2.0.3 - Local Privilege Escalation (macOS)) third-party-advisory

cve.org (CVE-2021-47756)

nvd.nist.gov (CVE-2021-47756)
