because it does not carry the public key from it's issuer
A Public Key Certificate (PKC) doesn't contain the public key from it's issuer neither. A PKC contains the name of the issuer and is digitally signed by that issuer.
Similarly, an Attribute Certificate (AC) also contains an Issuer field (section 4.2.3 of RFC 5755, compared to section 4.1.2.4 of RFC 5280), and an Signature Algorithm (section 4.2.4 of RFC 5755, compared to section 4.1.2.3 of RFC 5280).
Section 5 of RFC 5755 describes the validation process and includes:
- The AC signature must be cryptographically correct, and the AC
issuer's entire PKC certification path MUST be verified in
accordance with [PKIXPROF].
[PKIXPROF] here refers to RFC5280 (section 6). Therefore, an AC is verified the same way as a PKC.