diff --git a/src/core/core.defaults.js b/src/core/core.defaults.js
index 67a1c8e5b84..e2501340dc8 100644
--- a/src/core/core.defaults.js
+++ b/src/core/core.defaults.js
@@ -7,6 +7,12 @@ import {applyScaleDefaults} from './core.scale.defaults.js';
 export const overrides = Object.create(null);
 export const descriptors = Object.create(null);
+
+function isValidScopePath(key) {
+ return !key.split('.').some((part) => (
+ part === '__proto__' || part === 'prototype' || part === 'constructor'
+ ));
+}
 /**
 * @param {object} node
 * @param {string} key
@@ -16,6 +22,9 @@ function getScope(node, key) {
 if (!key) {
 return node;
 }
+ if (!isValidScopePath(key)) {
+ throw new Error(`Invalid defaults scope: ${key}`);
+ }
 const keys = key.split('.');
 for (let i = 0, n = keys.length; i < n; ++i) {
 const k = keys[i];
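Review bot: `isValidScopePath` is added without a doc comment, so nothing records why these three segment names are rejected or that the match is exact and per segment. A one-line JSDoc such as `/** Rejects dotted scope paths with a segment naming a prototype-chain accessor (prototype-pollution guard). */` plus `@param {string} key` and `@returns {boolean}` would match the JSDoc style used for `getScope` just below. The three literals would also read better as a module-level constant, e.g. `const BLOCKED_SCOPE_KEYS = new Set(['__proto__', 'prototype', 'constructor']);`, so that the list has one place to be reviewed and extended.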
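Review bot: The guard added to `getScope` rejects only three fixed segment names, so every other inherited member name still reaches the loop that follows. The loop body is outside this hunk; if it resolves each segment with plain `node[k]` access on an object that has a normal prototype, such a segment would resolve to a shared inherited object rather than a fresh scope. An own-property test before descending, e.g. `Object.prototype.hasOwnProperty.call(node, k)`, would cover that class without depending on a name list. Separately, the path is now split twice, once in `isValidScopePath` and once in `const keys = key.split('.')`; validating `keys` after the split would avoid the duplicate work. The thrown message interpolates `key` verbatim, which is worth keeping in mind if these errors are surfaced to logs or a UI.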