‘\0’ is a “null character“. It’s used to terminate strings in C and some portions of C++. Pex is doing a test to see how your code handles the null character, likely looking for the Poison Null Byte security exploit.
Most C# code has nothing to fear; if you pass your string to unmanaged code, however, you may have problems.
Just to be explicit… Pex is passing a string containing a null character. This is not a null reference.