PT-2026-3152 · Unknown · Laravel Valet
Leonjza
·
Published
2026-01-15
·
Updated
2026-01-21
·
CVE-2021-47756
CVSS v3.1
8.4
High
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Laravel Valet versions 1.1.4 through 2.0.3
Description
Laravel Valet versions 1.1.4 to 2.0.3 have a local privilege escalation issue. An attacker can modify the valet command to execute arbitrary code with root permissions without needing further authentication. This is achieved by editing the symlinked valet command.
Recommendations
Update Laravel Valet to a version later than 2.0.3.
Exploit
Fix
LPE
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Laravel Valet