cPanel prior to 86.0.14 allows remote malicious users to trigger a bandwidth suspension via mail log strings (SEC-505).
cpanel cpanel