diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8328794952e..95b7c82ad3a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ For notes on migrating to 2.x / 0.200.x see [the upgrade guide](doc/upgrade-to-2
 * feat(sdk-metrics): adds the cardinalitySelector argument to PeriodicExportingMetricReaders [#6460](https://github.com/open-telemetry/opentelemetry-js/pull/6460) @starzlocker
+* feat(opentelemetry-core): add extra checks on internal merge function for safety [#6587](https://github.com/open-telemetry/opentelemetry-js/pull/6587) @maryliag
 ### :boom: Breaking Changes
diff --git a/packages/opentelemetry-core/src/utils/merge.ts b/packages/opentelemetry-core/src/utils/merge.ts
index 908df5735d8..4750a9d8a0f 100644
--- a/packages/opentelemetry-core/src/utils/merge.ts
+++ b/packages/opentelemetry-core/src/utils/merge.ts
@@ -69,6 +69,13 @@ function mergeTwoObjects(
       const keys = Object.keys(two);
       for (let i = 0, j = keys.length; i < j; i++) {
         const key = keys[i];
+        if (
+          key === '__proto__' ||
+          key === 'constructor' ||
+          key === 'prototype'
+        ) {
+          continue;
+        }
         result[key] = takeValue(two[key]);
       }
     }
@@ -82,6 +89,13 @@ function mergeTwoObjects(
       for (let i = 0, j = keys.length; i < j; i++) {
         const key = keys[i];
+        if (
+          key === '__proto__' ||
+          key === 'constructor' ||
+          key === 'prototype'
+        ) {
+          continue;
+        }
         const twoValue = two[key];
         if (isPrimitive(twoValue)) {
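Review bot: The key blocklist in the added `if` is duplicated verbatim in the second merge.ts hunk; hoist it into one module-level `const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);` and write both sites as `if (UNSAFE_KEYS.has(key)) continue;`, so a future addition cannot land in one branch and be missed in the other. Skipping these keys is a silent behaviour change for callers whose input legitimately carries a `constructor` or `prototype` property, and nothing on the new lines says why they are dropped; a comment such as `// skip keys that could alter the prototype chain of result (prototype-pollution guard)` would record the intent. Since the check runs over `Object.keys(two)`, it covers own enumerable keys, which is the case that matters for objects coming from `JSON.parse`; whether nested objects pass through the same guard depends on the recursive path further down in mergeTwoObjects, which lies outside this hunk, as does the function's header.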