Cyber Resilience

CVE-2021-47756

HighPublic PoCLPE

Published: 16 January 2026

Published
16 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0018 8.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2021-47756 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Laravel Valet (inferred from references). Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 8.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).

Deeper analysis

CVE-2021-47756 is a local privilege escalation vulnerability in Laravel Valet versions 1.1.4 through 2.0.3. The issue stems from incorrect permissions (CWE-732) on a symlinked valet command, allowing local users to modify it with root privileges. This enables attackers to edit the command and execute arbitrary code as root without additional authentication. The vulnerability has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A local attacker requires only access to the system, with no privileges, low attack complexity, and no user interaction needed. By exploiting the misconfigured symlink, the attacker can alter the valet command to run malicious code upon invocation with root rights, achieving high impacts on confidentiality, integrity, and availability, such as full system compromise.

Advisories and references detail the issue further, including the VulnCheck advisory on Laravel Valet local privilege escalation on macOS (https://www.vulncheck.com/advisories/laravel-valet-local-privilege-escalation-macos), Laravel documentation (https://laravel.com/docs/8.x/valet), and a proof-of-concept exploit on Exploit-DB (https://www.exploit-db.com/exploits/50591). Security practitioners should review these sources for recommended mitigations, such as restricting access or updating affected installations.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local privilege escalation via incorrect file permissions on a privileged command symlink, directly enabling arbitrary code execution as root.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-21325Shared CWE-732
CVE-2025-12985Shared CWE-732
CVE-2026-25112Shared CWE-732
CVE-2025-22454Shared CWE-732
CVE-2026-8110Shared CWE-732
CVE-2024-55411Shared CWE-732
CVE-2024-11497Shared CWE-732
CVE-2026-24834Shared CWE-732
CVE-2026-41217Shared CWE-732
CVE-2025-21571Shared CWE-732

Affected Assets

Laravel
Valet
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Establishes and enforces restrictive configuration settings for file permissions on symlinked commands like valet, directly preventing local users from modifying them due to CWE-732 misconfiguration.

prevent

Enforces least privilege to limit invocation of root-privileged commands like valet to authorized contexts only, mitigating local privilege escalation risks.

prevent

Restricts and authorizes access to make changes to critical system components such as symlinks, preventing unauthorized modifications that enable arbitrary root code execution.

References