Is Multi-Vendor Safe If Vendors Have Access

If vendors have “limited” access to their admin panel, is there any way that a malicious user/hacker could get access to the main Administrator panel? From what I can see, the vendors have the same view of all the pages and features of the Administrator, although the functions and features that don't apply to vendors are blockes. Do you think there could be a security breach?

Regards and thanks everyone