Description
Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability (CWE-78) in the Zen compiler allows a local attacker to execute arbitrary shell commands by supplying a specially crafted output filename via the `-o` command-line argument. The flaw existed in the main application logic (specifically `src/main.c`), where the command string used to invoke the backend compiler was built by concatenating various arguments, including the user-controlled output filename, and then executed with the `system()` function. Because `system()` hands the command to `/bin/sh` for parsing, shell metacharacters embedded in the filename were interpreted by the shell, leading to arbitrary command execution. An attacker who can influence the arguments passed to `zc` (for example through a build script or a CI/CD pipeline configuration) can therefore run commands with the privileges of the user running the compiler. The vulnerability has been fixed in version 0.4.2 by removing the `system()` calls and implementing `ArgList`, an internal argument-handling mechanism. Users are advised to update to v0.4.2 or later.
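The following is an added example and is not code from the Zen C repository. It models the pre-0.4.2 pattern described above (a command string assembled by concatenation and handed to `system()`) next to an argv-based `fork()`/`execvp()` invocation of the kind an internal argument list makes possible. The helper names (`build_backend_command`, `has_shell_metachar`, `run_argv`, `run_backend_argv`), the use of `/bin/echo` as a harmless stand-in for the backend compiler, and the sample `-o` payload are all hypothetical or constructed for this illustration; the real fix is `ArgList` in `src/main.c`.

```c
/* Added example, not Zen C project code. Helper names and the echo stand-in
 * for the backend compiler are hypothetical; the payload is constructed. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Pre-0.4.2 style: build one command string that will later go to /bin/sh
 * via system(). The user-controlled `out` (the -o value) is spliced in
 * verbatim, so "out.o; id" becomes two shell commands.
 * Returns 0 on success, -1 if the buffer is too small. */
int build_backend_command(char *buf, size_t cap, const char *cc,
                          const char *src, const char *out)
{
    int n = snprintf(buf, cap, "%s -std=c11 %s -o %s", cc, src, out);
    return (n >= 0 && (size_t)n < cap) ? 0 : -1;
}

/* Detection aid for reviewing or logging -o values: returns 1 if the string
 * contains any character /bin/sh would treat specially, else 0. */
int has_shell_metachar(const char *s)
{
    return strpbrk(s, ";&|$`<>()\"'\\ \t\n*?[]{}~#!") != NULL;
}

/* Fixed style: pass the arguments as a NULL-terminated vector to execvp(),
 * so no shell ever parses them. Returns the child's exit status (0..126),
 * or -1 if fork/exec/wait failed (exec failure is reported as 127 by the
 * child, mirroring the shell convention, and folded into -1 here). */
int run_argv(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    int code = WEXITSTATUS(status);
    return code == 127 ? -1 : code;
}

/* The backend invocation as it would look on the fixed code path:
 * the filename is a single argv element, whatever characters it contains. */
int run_backend_argv(const char *cc, const char *src, const char *out)
{
    char *const argv[] = {
        (char *)cc, "-std=c11", (char *)src, "-o", (char *)out, NULL
    };
    return run_argv(argv);
}

int main(void)
{
    /* Constructed payload standing in for a crafted -o value. */
    const char *payload = "out.o; echo INJECTED-COMMAND-RAN";
    char cmd[256];

    /* /bin/echo plays the backend compiler so the demo is harmless. */
    if (build_backend_command(cmd, sizeof cmd, "echo", "main.c", payload) == 0) {
        printf("system(\"%s\") ->\n", cmd);
        int rc = system(cmd);       /* two lines: the injected echo runs */
        (void)rc;
    }

    printf("execvp() with the same filename as one argv element ->\n");
    run_backend_argv("echo", "main.c", payload);   /* one line; ';' is literal */
    return 0;
}
```

Running the demo prints the injected marker once for the `system()` path and not at all for the `execvp()` path, because the semicolon is only a byte in an argument. The same principle applies to any backend invocation: keep arguments in a vector from parse time to exec time, and never reassemble them into a string that a shell will split again.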