diff --git a/sdk/ml/azure-ai-ml/azure/ai/ml/_local_endpoints/utilities/commandline_utility.py b/sdk/ml/azure-ai-ml/azure/ai/ml/_local_endpoints/utilities/commandline_utility.py
index 3f41e5f0ffab..7fc5f54dedba 100644
--- a/sdk/ml/azure-ai-ml/azure/ai/ml/_local_endpoints/utilities/commandline_utility.py
+++ b/sdk/ml/azure-ai-ml/azure/ai/ml/_local_endpoints/utilities/commandline_utility.py
@@ -7,7 +7,7 @@
 import subprocess
 import sys
 import time
-
+import shlex
 from azure.ai.ml.exceptions import ErrorCategory, ErrorTarget, MlException
@@ -24,39 +24,40 @@ def run_cli_command( do_not_print=True, stderr_to_stdout=True, ): + # Ensure cmd_arguments is always a list for shell=False safety. + # Some callers may pass a pre-joined string; split it to maintain + # compatibility while keeping shell=False. + if isinstance(cmd_arguments, str): + cmd_arguments = shlex.split(cmd_arguments) + if not custom_environment: custom_environment = os.environ - # We do this join to construct a command because "shell=True" flag, used below, doesn't work with the vector - # argv form on a mac OS. - command_to_execute = " ".join(cmd_arguments) - if not do_not_print: # Avoid printing the az login service principal password, for example - print("Preparing to run CLI command: \n{}\n".format(command_to_execute)) + print("Preparing to run CLI command: \n{}\n".format(" ".join(cmd_arguments))) print("Current directory: {}".format(os.getcwd())) start_time = time.time() try: # We redirect stderr to stdout, so that in the case of an error, especially in negative tests, # we get the error reply back to check if the error is expected or not. - # We need "shell=True" flag so that the "az" wrapper works. # We also pass the environment variables, because for some tests we modify # the environment variables. subprocess_args = { - "shell": True, + "shell": False, "stderr": subprocess.STDOUT, "env": custom_environment, } if not stderr_to_stdout: - subprocess_args = {"shell": True, "env": custom_environment} + subprocess_args = {"shell": False, "env": custom_environment} if sys.version_info[0] != 2: subprocess_args["timeout"] = timeout - output = subprocess.check_output(command_to_execute, **subprocess_args).decode(encoding="UTF-8") + output = subprocess.check_output(cmd_arguments, **subprocess_args).decode(encoding="UTF-8") time_taken = time.time() - start_time if not do_not_print:
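Review bot: The switch to `"shell": False` removes the comment that said the shell was needed for the `az` wrapper, but puts nothing in its place. On Windows the Azure CLI entry point is a batch wrapper, so `subprocess.check_output(cmd_arguments, ...)` with a bare `az` in `cmd_arguments[0]` will likely raise `FileNotFoundError` once no shell resolves it. Resolving the executable first keeps the no-shell hardening and the wrapper working, e.g. `resolved = shutil.which(cmd_arguments[0])` followed by `cmd_arguments = [resolved or cmd_arguments[0], *cmd_arguments[1:]]` (needs `import shutil`). Two smaller points in the same hunk, both worth checking against the call sites, which are not visible here: the `shlex.split(cmd_arguments)` fallback applies POSIX quoting rules, so a pre-joined string containing Windows paths would lose its backslashes, and callers that embedded shell quotes in list elements will now pass those quote characters literally to the child process. The body of `run_cli_command` starts before and continues past the lines shown in this hunk.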