This is normal behavior for SFTP. SFTP uses a shell environment and access is only granted to the cPanel account username. Access to SFTP is not granted to virtual FTP accounts that are created via the "FTP Accounts" option within cPanel. With SFTP, users can browse to higher level directories. However, they are not able to modify or view the contents of any files they do not have access to. This is similar to how jailshell works for SSH access. If you prefer to disable SFTP for the entire server, you can modify the following file:
Within this file, comment out the following line:
Subsystem sftp /usr/libexec/openssh/sftp-server
Once you save the file, you can restart SSH to ensure the change takes effect.