diff --git a/lib/index.ts b/lib/index.ts
index 864cbac2..7ecddc52 100644
--- a/lib/index.ts
+++ b/lib/index.ts
@@ -135,6 +135,10 @@ class Y18N {
 }
 updateLocale (obj: Locale) {
+ if (this.locale === '__proto__') {
+ return
+ }
+
 if (!this.cache[this.locale]) this._readLocaleFile()
 for (const key in obj) {
diff --git a/test/y18n-test.cjs b/test/y18n-test.cjs
index d65b14b9..5f3c16d3 100644
--- a/test/y18n-test.cjs
+++ b/test/y18n-test.cjs
@@ -343,6 +343,16 @@ describe('y18n', function () {
 i18n.__('meow').should.equal('le meow')
 })
+
+ it('prevents prototype pollution', function () {
+ var i18n = y18n()
+
+ i18n.setLocale('__proto__')
+
+ i18n.updateLocale({ polluted: 'Yes! Its Polluted' })
+
+ expect({}).to.not.have.property('polluted')
+ })
 })
 describe('getLocale', function () {
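Review bot: The guard added at the top of `updateLocale` rejects only the literal string `'__proto__'`, so the fix rests on a one-entry denylist rather than on how the cache object is built. Other inherited names such as `constructor` would still resolve on a plain-object cache, and any other method that indexes `this.cache[this.locale]` is not covered by this check; both the cache initialisation and those methods are outside the hunk, so this is inferred. A more durable change is to create the cache without a prototype where it is initialised, `this.cache = Object.create(null)`, and keep this guard as defence in depth. If the silent early return stays, a comment like `// refuse '__proto__': the writes below would otherwise land on Object.prototype` would explain why the call is a no-op. The body of `updateLocale` continues past the end of the hunk.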
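Review bot: The new `prevents prototype pollution` test does no cleanup, so if the regression ever returns, `Object.prototype.polluted` stays set and every later test in the run executes against a polluted prototype. Adding `delete Object.prototype.polluted` in an `afterEach` hook keeps such a failure local and easy to attribute. The test also covers only `updateLocale`. A second case that sets the same locale and then calls `i18n.__` would show whether the lookup path is guarded as well, which this diff does not reveal. The enclosing `describe('y18n', ...)` block starts outside the hunk.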