diff --git a/src/TransformOperationExecutor.ts b/src/TransformOperationExecutor.ts
index d76815e83..6dd31ab7e 100644
--- a/src/TransformOperationExecutor.ts
+++ b/src/TransformOperationExecutor.ts
@@ -145,6 +145,10 @@ export class TransformOperationExecutor {
 // traverse over keys
 for (const key of keys) {
+ if (key === '__proto__' || key === 'constructor') {
+ continue;
+ }
+
 const valueKey = key;
 let newValueKey = key, propertyName = key;
 if (!this.options.ignoreDecorators && targetType) {
diff --git a/test/functional/basic-functionality.spec.ts b/test/functional/basic-functionality.spec.ts
index 75b9293d2..7f96086d9 100644
--- a/test/functional/basic-functionality.spec.ts
+++ b/test/functional/basic-functionality.spec.ts
@@ -1749,6 +1749,20 @@ describe("basic functionality", () => {
 expect(transformedClass).toBeInstanceOf(TestClass);
 });
+ it('should not pollute the prototype with a `__proto__` property',() => {
+ const object = JSON.parse('{"__proto__": { "admin": true }}');
+ const plainObject = {};
+ classToPlainFromExist(object, plainObject);
+ expect((plainObject as any).admin).toEqual(undefined);
+ });
+
+ it('should not pollute the prototype with a `constructor.prototype` property', () => {
+ const object = JSON.parse('{"constructor": { "prototype": { "admin": true }}}');
+ const plainObject = {};
+ classToPlainFromExist(object, plainObject);
+ expect((plainObject as any).admin).toEqual(undefined);
+ });
+
 it("should default union types where the plain type is an array to an array result", () => {
 class User {
 name: string;
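Review bot: The new guard at the top of the `for (const key of keys)` loop in `TransformOperationExecutor.ts` skips `__proto__` and `constructor` without saying why, and it tests only the source `key`. A comment such as `// skip keys that would let untrusted input reach Object.prototype (prototype pollution)` would keep a later cleanup from removing it. `newValueKey` is assigned from `key` just below and, judging by the `ignoreDecorators` branch, may be renamed later in the loop body, which continues outside this hunk; if the write uses the renamed key, the same check belongs at the write site as well. Skipping `constructor` also silently drops a legitimate data field of that name, which deserves a line in the release notes.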
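Review bot: Both new specs in `basic-functionality.spec.ts` call only `classToPlainFromExist` and read `admin` through the target object, so they never show directly that `Object.prototype` stayed clean. They also leave the plain-to-class direction untested, although the guarded loop sits in the shared executor and presumably serves that path too. Asserting on a fresh object, `expect(({} as any).admin).toBeUndefined();`, states the property under test directly. If the guard ever regresses, a polluted `Object.prototype` would leak into every later spec in the file, so an `afterEach` running `delete (Object.prototype as any).admin;` would keep the failure local. The first `it(` is also missing the space before `() =>` that the second one has.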