diff --git a/mysql-test/main/gis.result b/mysql-test/main/gis.result
index d300d5b476b6d..fc5cf5b76b28c 100644
--- a/mysql-test/main/gis.result
+++ b/mysql-test/main/gis.result
@@ -5565,3 +5565,10 @@ x
 020000000101000000000000000000F03F000000000000F03F
 drop table t1;
 # End of 10.6 tests
+#
+# MDEV-35595 UBSAN: runtime error: load of value 3 for 'wkbByteOrder'
+#
+SELECT ST_GEOMFROMWKB (0x01060000000100000003020000000100000000000000000000000000000000000000) as g;
+g
+NULL
+# End of 10.11 tests
diff --git a/mysql-test/main/gis.test b/mysql-test/main/gis.test
index 5aa342f5ff4c7..a5b0c4d0608f3 100644
--- a/mysql-test/main/gis.test
+++ b/mysql-test/main/gis.test
@@ -3542,3 +3542,11 @@ select hex(st_geomfromgeojson('{"type":"Point","coordinates":[1,1]}', 1, a)) x f
 drop table t1;
 --echo # End of 10.6 tests
+
+--echo #
+--echo # MDEV-35595 UBSAN: runtime error: load of value 3 for 'wkbByteOrder'
+--echo #
+
+SELECT ST_GEOMFROMWKB (0x01060000000100000003020000000100000000000000000000000000000000000000) as g;
+
+--echo # End of 10.11 tests
diff --git a/sql/spatial.cc b/sql/spatial.cc
index 659a86afde5ea..06a09b71188f4 100644
--- a/sql/spatial.cc
+++ b/sql/spatial.cc
@@ -470,7 +470,7 @@ Geometry *Geometry::create_from_wkb(Geometry_buffer *buffer,
 uint32 geom_type;
 Geometry *geom;
- if (len < WKB_HEADER_SIZE)
+ if (len < WKB_HEADER_SIZE || wkb[0] > wkb_ndr)
 return NULL;
 geom_type= wkb_get_uint(wkb+1, (wkbByteOrder)wkb[0]);
 if (!(geom= create_by_typeid(buffer, (int) geom_type)) ||
@@ -2898,8 +2898,9 @@ uint Gis_multi_polygon::init_from_wkb(const char *wkb, uint len,
 Gis_polygon p;
 int p_len;
- if (len < WKB_HEADER_SIZE ||
- res->reserve(WKB_HEADER_SIZE, 512))
+ if (len < WKB_HEADER_SIZE
+ || wkb[0] > wkb_ndr
+ || res->reserve(WKB_HEADER_SIZE, 512))
 return 0;
 res->q_append((char) wkb_ndr);
 res->q_append((uint32) wkb_polygon);
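Review bot: The ST_GEOMFROMWKB case added to gis.test appears to exercise only one of the three guards this commit introduces. Its leading byte-order byte is 0x01 and its type word is 6 (MultiPolygon), with the invalid 0x03 in the nested element header, so as far as the hunks show only Gis_multi_polygon::init_from_wkb rejects it. One case with an invalid leading byte and one with a GeometryCollection wrapper around an invalid nested header would also cover Geometry::create_from_wkb and Gis_geometry_collection::init_from_wkb. A nested byte-order value of 0x80 or above deserves its own case, because that input can be evaluated differently depending on whether `char` is signed on the build platform.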
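Review bot: The new `wkb[0] > wkb_ndr` guard in Geometry::create_from_wkb compares a plain `char`, so on builds where `char` is signed a byte-order byte of 0x80–0xFF is negative, passes the guard, and still reaches the `(wkbByteOrder)wkb[0]` cast on the following line. The same comparison is added in Gis_multi_polygon::init_from_wkb and Gis_geometry_collection::init_from_wkb, whose signatures show `const char *wkb`; the parameter type in create_from_wkb is outside the hunk and is assumed to match. Comparing the byte as unsigned closes the gap in all three places, e.g. `if (len < WKB_HEADER_SIZE || (unsigned char) wkb[0] > wkb_ndr)`. All three function bodies start and end outside their hunks.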
@@ -3416,8 +3417,9 @@ uint Gis_geometry_collection::init_from_wkb(const char *wkb, uint len,
 int g_len;
 uint32 wkb_type;
- if (len < WKB_HEADER_SIZE ||
- res->reserve(WKB_HEADER_SIZE, 512))
+ if (len < WKB_HEADER_SIZE
+ || wkb[0] > wkb_ndr
+ || res->reserve(WKB_HEADER_SIZE, 512))
 return 0;
 res->q_append((char) wkb_ndr);