SUPEE-10266, Magento Commerce 1.4.3.6 and Open Source 1.9.3.6 contain multiple security enhancements that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities.
As always raise a ticket and we will apply the patch
Full details here: https://magento.com/security/patches/supee-10266