CVE-2021-47756
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-16

Last updated on: 2026-01-16

Assigner: VulnCheck

Description
Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-16
Last Modified
2026-01-16
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47756
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
laravel valet From 1.1.4 (inc) to 2.0.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47756 is a local privilege escalation vulnerability in Laravel Valet versions 1.1.4 through 2.0.3 on macOS. It occurs because the 'valet' command is symlinked to a location writable by the user, combined with sudoers rules that allow running 'valet' commands as root without a password. This means an attacker with local access can modify the 'valet' command to execute arbitrary code with root privileges without additional authentication. [1, 3]

Impact Analysis

This vulnerability allows a local attacker to escalate their privileges to root by modifying the writable 'valet' command and executing it with elevated permissions. This can lead to unauthorized execution of arbitrary code with full system control, compromising confidentiality, integrity, and availability of the affected system. [1, 3]

Detection Guidance

You can detect this vulnerability by checking if the 'valet' command symlink is writable by the user and if sudoers rules allow running 'valet' commands as root without a password. Specifically, verify the permissions of the symlinked valet command at /usr/local/bin/valet and check sudoers entries for rules allowing passwordless execution of '/usr/local/bin/valet *'. Commands to help detect this include: 1) `ls -l /usr/local/bin/valet` to check if the symlink or target is writable by the user. 2) `sudo -l` to list sudo privileges and see if 'valet' commands can be run without a password. 3) Inspect sudoers files (e.g., `sudo cat /etc/sudoers.d/*`) for entries allowing passwordless execution of 'valet'. These checks can help identify if the system is vulnerable to this local privilege escalation. [3]

Mitigation Strategies

Immediate mitigation steps include: 1) Restrict write permissions on the 'valet' command symlink and its target to prevent unauthorized modification. 2) Remove or modify the sudoers rules that allow members of the admin group to run '/usr/local/bin/valet *' commands as root without a password. 3) Upgrade Laravel Valet to a version later than 2.0.3 where this vulnerability is fixed. 4) As a temporary measure, avoid running 'valet' commands with sudo until the issue is resolved. These steps reduce the risk of arbitrary code execution with root privileges via the vulnerable valet command. [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47756. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart