cPanel prior to 82.0.18 allows malicious users to leverage virtual mail accounts in order to bypass account suspensions (SEC-508).
cpanel cpanel