diff --git a/changelogs/fragments/10524-capabilities-cmd-list.yml b/changelogs/fragments/10524-capabilities-cmd-list.yml
new file mode 100644
index 0000000000..e6af832b5c
--- /dev/null
+++ b/changelogs/fragments/10524-capabilities-cmd-list.yml
@@ -0,0 +1,2 @@
+minor_changes:
+  - capabilities - using safer mechanism to run external command (https://github.com/ansible-collections/community.general/pull/10524).
diff --git a/plugins/modules/capabilities.py b/plugins/modules/capabilities.py
index 08bd2e85ff..625de99b44 100644
--- a/plugins/modules/capabilities.py
+++ b/plugins/modules/capabilities.py
@@ -109,7 +109,7 @@ class CapabilitiesModule(object):
 
     def getcap(self, path):
         rval = []
-        cmd = "%s -v %s" % (self.getcap_cmd, path)
+        cmd = [self.getcap_cmd, "-v", path]
         rc, stdout, stderr = self.module.run_command(cmd)
         # If file xattrs are set but no caps are set the output will be:
         #   '/foo ='
@@ -144,7 +144,7 @@ class CapabilitiesModule(object):
 
     def setcap(self, path, caps):
         caps = ' '.join([''.join(cap) for cap in caps])
-        cmd = "%s '%s' %s" % (self.setcap_cmd, caps, path)
+        cmd = [self.setcap_cmd, caps, path]
         rc, stdout, stderr = self.module.run_command(cmd)
         if rc != 0:
             self.module.fail_json(msg="Unable to set capabilities of %s" % path, stdout=stdout, stderr=stderr)