diff --git a/apps/core/src/components/default-catch-boundary.tsx b/apps/core/src/components/default-catch-boundary.tsx
index 02bc745f..cc58cc28 100644
--- a/apps/core/src/components/default-catch-boundary.tsx
+++ b/apps/core/src/components/default-catch-boundary.tsx
@@ -28,7 +28,7 @@ export function DefaultCatchBoundary({ error }: ErrorComponentProps) {
 // Format error details for display
 const errorMessage = error?.message || 'An unexpected error occurred'
- const errorStack = error?.stack || ''
+ const errorStack = import.meta.env.DEV ? (error?.stack || '') : ''
 const hasStack = errorStack.length > 0
 const handleReportError = () => {
diff --git a/apps/school/src/components/default-catch-boundary.tsx b/apps/school/src/components/default-catch-boundary.tsx
index e08b8159..690bbd06 100644
--- a/apps/school/src/components/default-catch-boundary.tsx
+++ b/apps/school/src/components/default-catch-boundary.tsx
@@ -38,7 +38,7 @@ export function DefaultCatchBoundary({ error, reset }: ErrorComponentProps) {
 const [copied, setCopied] = useState(false)
 const errorMessage = error?.message || t.common.unexpectedError()
- const errorStack = error?.stack || ''
+ const errorStack = import.meta.env.DEV ? (error?.stack || '') : ''
 const hasStack = errorStack.length > 0
 const handleCopyError = async () => {
diff --git a/pr_desc.txt b/pr_desc.txt
new file mode 100644
index 00000000..3af2d6f6
--- /dev/null
+++ b/pr_desc.txt
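Review bot: Gating the `errorStack` variable itself, rather than only the rendered section, means that if `handleReportError` in apps/core (and `handleCopyError` in apps/school, which has the identical hunk) read `errorStack`, the report or clipboard copy will no longer contain the stack in production, which is where a server-side error sink needs it most; both handler bodies lie outside the hunk, so this is inferred. A split keeps the reporting path intact while still hiding the stack from the screen: `const rawStack = error?.stack || ''` followed by `const errorStack = import.meta.env.DEV ? rawStack : ''`, with `rawStack` handed to the reporter and `hasStack` left driving the UI. `import.meta.env.DEV` is a Vite build-time define; in any consumer not bundled by Vite, `import.meta.env` is undefined and this line would throw inside the error boundary itself, so a shared `isDev` constant or `Boolean(import.meta.env?.DEV)` is safer and also removes the duplicated expression across the two apps. `error?.message` is still rendered unchanged, and messages from thrown library or server errors can carry the same internal paths the fix removes from stacks, so it is worth confirming that displayed messages are user-safe. DefaultCatchBoundary continues outside the hunk in both files.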
@@ -0,0 +1,5 @@
+🚨 Severity: MEDIUM
+💡 Vulnerability: The application was exposing full error stack traces in `DefaultCatchBoundary` to the user interface in production.
+🎯 Impact: This could potentially leak internal application paths, code structure, or dependencies to end-users or attackers during an unexpected error.
+🔧 Fix: Used `import.meta.env.DEV` to check if we are in development mode and only populated the `errorStack` constant when `DEV` is true.
+✅ Verification: Verify that the error boundary still catches errors correctly and the UI correctly doesn't render stack trace sections when `NODE_ENV` / `import.meta.env.DEV` resolves to false.