High severity8.4NVD Advisory· Published Jan 16, 2026· Updated Apr 15, 2026

CVE-2021-47756

Description

Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication.

Affected products

RubyGems/Valetinferred
Range: >=1.1.4,<=2.0.3
Package: https://rubygems.org/gems/valet

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

laravel.com/docs/8.x/valetnvd
www.exploit-db.com/exploits/50591nvd
www.vulncheck.com/advisories/laravel-valet-local-privilege-escalation-macosnvd

News mentions

No linked articles in our index yet.

cvss	0.546
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000