Is being able to bypass 2FA on PayPal a security vulenrability?

Our account had some unusual login attempts on it, which triggered us needing 2FA to login each time.

I found a pretty easy way to bypass this, and reported the issue to Paypal on HackerOne.

I was told that "the reported behavior is intended" and they are closing the issue as informative.

A week on and the issue appears to be fixed.

Granted the way I found to bypass it was rather trivial, and I'm no expert. Am I right in thinking this is a legitimate security issue?