diff --git a/lib/constants.js b/lib/constants.js
index 27b3e20..3f7ef7e 100644
--- a/lib/constants.js
+++ b/lib/constants.js
@@ -99,6 +99,7 @@ module.exports = {
 // Replace globs with equivalent patterns to reduce parsing time.
 REPLACEMENTS: {
+ __proto__: null,
 '***': '*',
 '**/**': '**',
 '**/**/**': '**'
diff --git a/test/malicious.js b/test/malicious.js
index 33cf6b8..82a7d2c 100644
--- a/test/malicious.js
+++ b/test/malicious.js
@@ -30,4 +30,9 @@ describe('handling of potential regex exploits', () => {
 assert(!isMatch('A', `!(${repeat(500)}A)`, { maxLength: 499 }));
 }, /Input length: 504, exceeds maximum allowed length: 499/);
 });
+ it('should be able to accept Object instance properties', () => {
+ assert(isMatch('constructor', 'constructor'), 'valid match');
+ assert(isMatch('__proto__', '__proto__'), 'valid match');
+ assert(isMatch('toString', 'toString'), 'valid match');
+ });
 });
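Review bot: The added `__proto__: null` entry in `REPLACEMENTS` (lib/constants.js) has no comment, and in an object literal it reads like an ordinary key rather than what it is, a null prototype for the table. A line such as `// Null prototype: this table is indexed with pattern text, so inherited names like 'constructor' must not resolve.` above it would keep a later cleanup from removing it. The lookup site is not in this diff; presumably it indexes the table directly with the input, in which case any other object in this file that is indexed by caller-supplied text needs the same treatment or an own-property check. The object literal closes outside the hunk.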
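Review bot: The new test in test/malicious.js only asserts that each name matches itself, so it would still pass if these patterns degraded into something that matches any input. Adding a negative case such as `assert(!isMatch('constructor', 'toString'));` pins that inherited property names are handled as plain literals. The three assertions also share the message `'valid match'`, so a failure does not say which name broke; distinct messages would help. The enclosing `describe` block starts outside the hunk.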